Date: Fri, 15 Feb 2013 07:24:40 -0500The malicious payload is on [donotclick]22.214.171.124:8080/forum/links/public_version.php (Railcom, Mongolia) (report here) which is a well-known malicious IP that you should definitely block if you can.
From: Tasha Rosenthal via LinkedIn [email@example.com]
Subject: RE: Wire transfer cancelled
Wire Transfer was canceled by the other bank.
FED NR: 94813904RE5666838
Transfer Report: View
The Federal Reserve Wire Network
Update: there is also a "Scan from a HP ScanJet #841548" spam for the same IP, sending victims to [donotclick]126.96.36.199:8080/forum/links/column.php