Date: Wed, 13 Nov 2013 00:44:46 +0800 [11:44:46 EST]Attached to the file is a ZIP file called dlf2365.zip which contains a malicious executable file tax 2012-2013.exe which has an icon to make it look like a PDF file.
From: "firstname.lastname@example.org" [email@example.com]
Subject: FW: 2012 and 2013 Tax Documents; Accountant's Letter
I forward this file to you for review. Please open and view it.
Attached are Individual Income Tax Returns and W-2s for 2012 and 2013, plus an accountant's letter.
This email message may include single or multiple file attachments of varying types.
It has been MIME encoded for Internet e-mail transmission.
17/47. Automated analysis tools   show an attempted connection to nishantmultistate.com on 126.96.36.199 (Peer 1, US). This is the same server as used in this attack, and you can safely assume that the whole server is compromised. Blocking this IP is probably a good idea.