Date: Fri, 29 Mar 2013 10:33:53 -0600 [12:33:53 EDT]Unzipping the attachment gives a malware filed called INVOICE_28781731.exe with an icon to look like a PDF file. VirusTotal detections are 16/46 and are mostly pretty generic. Comodo CAMAS reports a callback to topcancernews.com hosted on 126.96.36.199 (Vexxhost, Canada) which is also being used in this malware attack. Looking for that IP in your logs might show if any of your clients.
Subject: Please respond - overdue payment
Please find attached your invoices for the past months. Remit the payment by 02/04/2013
as outlines under our "Payment Terms" agreement.
Thank you for your business,
This e-mail has been sent from an automated system. PLEASE DO NOT REPLY.
The information contained in this message may be privileged, confidential and protected
from disclosure. If the reader of this message is not the intended recipient, or an
employee or agent responsible for delivering this message to the intended recipient, you
are hereby notified that any dissemination, distribution or copying of this communication
is strictly prohibited. If you have received this communication in error, please notify
your representative immediately and delete this message from your computer. Thank you.