Date: Mon, 1 Oct 2012 04:16:46 -0500
From: Bebo Service [email@example.com]
Subject: Fwd: ACH Transfer rejected
The ACH debit transfer, initiated from your bank account, was canceled.
Transfer ID: FE-764029897226US
Transaction Report: View
NACHA - The Electronic Payment Association
The malicious payload is at [donotclick]onlinebayunator.ru:8080/forum/links/column.php (probably a Blackhole 2 exploit kit) hosted on the following familiar IPs that should be blocked:
18.104.22.168 (Republic CyberBunker, Antarctica - Amsterdam more likely)
22.214.171.124 (RACSA, Costa Rica)
126.96.36.199 (Myren, Malaysia)
Of note, CyberBunker has a long history of spamming and tolerating criminals. Blocking the range 188.8.131.52/19 should afford your network some additional protection.