Date: Mon, 1 Oct 2012 04:16:46 -0500
From: Bebo Service [email@example.com]
Subject: Fwd: ACH Transfer rejected
The ACH debit transfer, initiated from your bank account, was canceled.
Transfer ID: FE-764029897226US
Transaction Report: View
NACHA - The Electronic Payment Association
The malicious payload is at [donotclick]onlinebayunator.ru:8080/forum/links/column.php (probably a Blackhole 2 exploit kit) hosted on the following familiar IPs that should be blocked:
22.214.171.124 (Republic CyberBunker, Antarctica - Amsterdam more likely)
126.96.36.199 (RACSA, Costa Rica)
188.8.131.52 (Myren, Malaysia)
Of note, CyberBunker has a long history of spamming and tolerating criminals. Blocking the range 184.108.40.206/19 should afford your network some additional protection.