Date: Mon, 10 Dec 2012 19:29:21 +0400The malicious payload is at [donotclick]eaglepointecondo.co/detects/denouncement-reports.php hosted on 220.127.116.11 in China, which has been used a few times recently for malware distribution.
From: "AICPA" [firstname.lastname@example.org]
Subject: Income fake tax return accusations.
You're receiving this email as a Certified Public Accountant and a member of AICPA.
Having difficulties reading this email? Take a look at it in your browser.
Termination of Public Account Status due to income tax fraud allegations
Respected accountant officer,
We have received a denouncement about your probable interest in income tax return swindle for one of your customers. In concordance with AICPA Bylaw Head # 500 your Certified Public Accountant status can be revoked in case of the occurrence of submitting of a faked or fraudulent income tax return for your client or employer.
Please be notified below and provide explanation of this issue to it within 21 business days. The rejection to provide elucidation within this period would finish in end off of your CPA license.
The American Institute of Certified Public Accountants.
The following malicious domains appear to be on the same server: