Date: Wed, 20 Feb 2013 04:28:14 +0600The malicious payload is at [donotclick]fulinaohps.ru:8080/forum/links/column.php (report here) hosted om the following IPs:
Subject: Fwd: ACH and Wire transfers disabled.
Dear Online Account Operator,
Your ACH transactions have been
220.127.116.11 (EUserv Internet, Germany)
18.104.22.168 (PS Internet Company, Kazakhstan)
22.214.171.124 (Chungwa Telecom, Taiwan)
These are the same IPs as used in this attack, you should block them if you can.