From: Xanga [mailto:email@example.com]The malicious payload is at [donotclick]geforceexlusive.ru:8080/forum/links/column.php hosted on the following IPs:
Sent: 12 October 2012 11:27
Subject: Fwd: Wire Transfer Confirmation (FED_6537H57898)
Dear Bank Account Operator,
WIRE TRANSFER: WRE-282857636652198
CURRENT STATUS: PENDING
Please REVIEW YOUR TRANSACTION as soon as possible.
18.104.22.168 (Fibrenoire, Canada)
22.214.171.124 (UAB Interneto Vizija, Lithunia)
126.96.36.199 (MYREN, Malaysia)
These IPs are worth blocking as they will probably also be used in future attacks.