From: Rebecca Media [mailto:firstname.lastname@example.org]The link in the email goes through a legitimate but hacked website (rebeccacella.com) and lands on a malware landing page at [donotclick]dajizzum.com/team/administration/admin4_colon/fedora.php?view=44 (report here) which contains an exploit kit.
Sent: 11 July 2013 07:46
Subject: Subscription Details
We hereby inform you that your subscription has been activated, your login information is as follows:
Login Key: 839384
Please do not share the login information with anyone as this account is only for your use, sharing the account will result in account termination without a refund.
The credit card on file submited by you will be billed within 24 hours, in the amount of 499.00 GBP, amount equal to one year unlimited subscription.
Your bank statement will show up as being billed by "WTX Media INC".
If you have any questions or issues with your login as well as requests to upgrade or cancel your membership please contact us using the form at:
Any feedback is appreciated as we strive to improve our services constantly.
WTX Media Team
dajizzum.com is hosted on 18.104.22.168 (UK2.NET, UK) which appears to be a hijacked server. At the moment I can only see that one site hosted on this box, but blacklisting the IP as a precaution may be wise.
The spam originates from another malware server on 22.214.171.124 (more of this later) but it appears to use a compromised 1&1 account as the spamvertised domain, sender's address and SMTP relay of 126.96.36.199 all belong to that provider.