Date: Thu, 21 Feb 2013 09:22:25 -0500 [09:22:25 EST]The malicious payload is at [donotclick]familanar.ru:8080/forum/links/column.php (report here) hosted on:
From: Tagged [Tagged@taggedmail.com]
Subject: Fwd: Re: Scan from a Xerox WorkCentre Pro #800304
A Document was sent to you using a XEROX WorkJet PRO 760820.
SENT BY : BRYNN
IMAGES : 5
FORMAT (.JPEG) DOWNLOAD
220.127.116.11 (EUserv Internet, Germany)
18.104.22.168 (Trackon Couriers, India)
22.214.171.124 (Chungwa Telecom, China)
Which are the same IPs found in this attack and several others. Block 'em if you can.