mmhh...this one is even "professional"

mmhh...this one is even "professional"

Post by bad_brain »

First time I got this kind of malware spam, so I thought I'd share:
To Whom It May Concern:

I am tired of receiving messages containing malicious computer programs (viruses) from your e-mail address!!!
If within 1-2 days you do not stop sending messages to my e-mail address, I will have to address this issue to the Police!...
Today I received a hard copy of your data logs from my Internet service provider. The copy contains your IP address, logs of sending malicious programs and your e-mail address details...
I am sending you the copy of the document containing your data and logs of sending malicious programs as the proof of your fault!!!!!!
You must print the document containing the list of your data and logs of sending malicious programs and pass it on to your Internet service provider with, so that they could find out why the viruses are sent from your computer to my e-mail address!!!!

Ask your Internet service provider to resolve this problem!!!!

Do this now!!!
Once again!!! If you don’t stop sending the letters, I will address to the Police and file a lawsuit against you!!!
spoofed sender is txtpe[at]bosjon.com.au, sender IP is 61.117.145.29:
MITSUBISHI SHOJI LIGHT METAL SALES CORPORATION
located in Japan.

Now the fun part:
the email includes a zip file as attachment; inside is a file named "IPLOGS"... of course an .exe, but the icon used is that of a PDF file:
Authentium - - W32/Malware!OC-based
Avast - - -
AVG - - PSW.Generic6.ABAB
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - Trojan.Zbot-2110
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - W32/Malware!OC-based
F-Secure - - Trojan.Win32.FraudPack.gen
Fortinet - - PossibleThreat
GData - - Trojan.Win32.FraudPack.gen
Ikarus - - Trojan.Win32.FraudPack
K7AntiVirus - - -
Kaspersky - - Trojan.Win32.FraudPack.gen
McAfee - - -
Microsoft - - PWS:Win32/Zbot.gen!B
NOD32v2 - - -
Norman - - -
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
Sophos - - Troj/PWS-ATH
Sunbelt - - -
Symantec - - Infostealer.Banker.C
I uploaded the file in case someone is interested and wants to play with a disassembler: http://www.megaupload.com/?d=HGSZV91S
Do not download or open this file if you don't know exactly what you are doing!
Last edited by bad_brain on 10 Sep 2008, 12:03, edited 1 time in total.

Nice trickery..

Post by DNR »

"the email includes a zip file as attachment, inside a file name "IPLOGS"...of course an .exe but the used icon is the one of a pdf file: "

Hiding an exe as a PDF is a good idea; everyone knows there is a lag and even internet traffic when you mess with a PDF file.
Also, the letter is certainly a new tack on making people open files they normally wouldn't. For a webmaster/site owner it is perfect: one would think it is possible to get infected with malware and be innocently attacking another server.

DNR
-
He gives wisdom to the wise and knowledge to the discerning. He reveals deep and hidden things; he knows what lies in Darkness, and Light dwells with him.

Post by skip »

What happens if I open an infected file on Wine? Will it infect some files outside of Wine, or is it just Wine that will get infected?

Post by bad_brain »

Nope, malware designed for MS systems can't do harm to Linux.... :wink:
If you run it on Wine, make sure to log the network traffic with a packet sniffer so we can find out where the malware wants to connect to... 8)

And yeah DNR, you surely remember the trouble I had when the old provider locked suck-o because of "distribution of malware", so this mail got my attention. But then again: the "IPLOGS" thingy was a little too cheap, because usually the email header is the evidence used in cases of malware spamming and not "iplogs" (whatever iplogs are supposed to be :lol: ).
Also, real logs are either in .txt format or have no file suffix at all (like "access_log", for example); .log is often used too... but never PDF format.
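A check a mail gateway or an analyst could run on an attachment like the one described in the first post (an .exe named "IPLOGS" hiding behind a PDF icon) and the log-file naming point above. This is an added example, not code from the thread: it opens a zip and flags any member whose content starts with the PE "MZ" header or whose extension Windows would execute, using a constructed sample zip (function names and the sample contents are assumptions, not the real attachment).

```python
import io
import os
import zipfile

# Magic bytes of a Windows PE executable; present no matter what the file is
# called or which icon is stored in its resources.
PE_MAGIC = b"MZ"
# Extensions Windows treats as runnable programs.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Extensions (or none) a reader expects for logs and documents.
DOCUMENT_EXTENSIONS = {".txt", ".log", ".pdf", ""}


def suspicious_members(zip_bytes: bytes) -> list:
    """Return one finding per zip member that is a PE file or carries an
    executable extension, regardless of its name (hypothetical helper)."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            ext = os.path.splitext(info.filename)[1].lower()
            with zf.open(info) as member:
                is_pe = member.read(len(PE_MAGIC)) == PE_MAGIC
            reasons = []
            if is_pe:
                reasons.append("PE header (MZ) in content")
            if ext in EXEC_EXTENSIONS:
                reasons.append("executable extension " + ext)
            if is_pe and ext in DOCUMENT_EXTENSIONS:
                reasons.append("executable disguised with a document-style name")
            if reasons:
                findings.append({"name": info.filename, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample attachment (not the real one from the thread): two fake
    PE stubs named like the 'IPLOGS' file, plus a harmless text log."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IPLOGS.exe", PE_MAGIC + b"\x90" * 62)  # PE with .exe suffix
        zf.writestr("IPLOGS.pdf", PE_MAGIC + b"\x90" * 62)  # PE hiding behind .pdf
        zf.writestr("access_log", b"203.0.113.5 - - [10/Sep/2008] GET / 200\n")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in suspicious_members(build_sample_zip()):
        print(finding["name"], "->", "; ".join(finding["reasons"]))
```

The content check matters more than the name check: the attachment in the thread would be caught by the MZ header even if it had been named "IPLOGS.pdf".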
