Date: Mon, 19 Nov 2012 03:55:08 -0500
From: ups [email@example.com]
Subject: Re: FW: End of Aug. Statement Reqiured
as reqeusted I give you inovices issued to you per oct. 2012 ( Internet Explorer/Mozilla Firefox file)
The malicious payload is at [donotclick]bamanaco.ru:8080/forum/links/column.php hosted on the following IPs:
126.96.36.199 (MYREN, Malaysia)
188.8.131.52 (Psychz Networks, US)
These IPs have been used to deliver malware several times recently, so you should block access to them if you can.