Date: Tue, 28 Aug 2012 11:04:30 -0400
From: "Intuit Payroll Services" [email@example.com]
Subject: QuickBooks Security Update
You will not be able to access your Intuit QuickBooks without updated Intuit Security Tool (IST™) after 31th of August, 2012.
You can update Intuit Security Tool here.
After a successful download please run the setup for an automatic installation, then login to Intuit Quickbooks online to check that it is working properly.
This email was sent from an auto-notification system that can't accept incoming email. Please don't reply to this message.
You have received this business communication as part of our efforts to fulfill your request or service your account.
You may receive this and other business communications from us even if you have opted out of marketing messages.
Terms, conditions, pricing, features, and service options are subject to change. View our complete Terms of Service.
The malicious payload is at [donotclick]roadmateremove.org/main.php?page=9bb4aab85fa703f5 (report here) hosted on 220.127.116.11 (Mastak Telecom / JSC Quickline, Russia) along with these other malicious sites:
You can pretty safely assume that 18.104.22.168 is a bad server and should be blocked.