Date: Wed, 6 Nov 2013 22:22:28 +0800 [09:22:28 EST]The email appears to come from an email address on the victim's own domain and the body text contains a list of recipients within that same domain. Attached to the email is a file VoiceMail.zip which in turn contains a malicious executable VoiceMail.exe with an icon to make it look like an audio file.
From: Administrator [voice9@victimdomain]
Subject: Voice Message from Unknown (886-966-4698)
- - -Original Message- - -
Sent: Wed, 6 Nov 2013 22:22:28 +0800
Subject: Private Message
This malware file has a detection rate of 3/47 at VirusTotal. Automated analysis tools   show an attempted connection to twitterbacklinks.com on 184.108.40.206 (Xeex, US) which is a web host that has been seen before in this type of attack.
Xeex seems to divide up its network into /28 blocks, which would mean that the likely compromised block would be 220.127.116.11/28 which contains the following domains:
Those domains are consistent with the ones compromised here and it it likely that they have all also been compromised.