Netter Versuch...

Guten Morgen du kleine Laus oder schläfst du dich immer noch aus? Die Sonne lacht und hat dir diese NERVENTÖTENDE mail gebracht.

Desideriv
mit angetackertem, gezipptem Trojaner...

..............................................
Checking: guten_morgen_742.zip
Engine version: 7.0.9.4080
Total virus-finding records: 5284864
File size: 54.76 KB
File MD5: 9fcc8cd58c1c1c21493ef4279531137a

guten_morgen_742.zip - archive ZIP
>guten_morgen_742.zip/guten_morgen_235.exe infected with Trojan.DownLoad3.33474
..............................................

Einen Header gibts auch noch:


header:
01: Return-path: <caponises [at] wildpark-eekholt.de>
02: Delivery-date: Wed, 28 May 2014 xx:xx:xx +0200
03: Received: from mi002.mc1.hosteurope.de ([80.237.138.253])
04: by wp220.webpack.hosteurope.de running ExIM with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
05: ID: [ID filtered]
06: Received: from [201.191.14.227]
07: by mx0.webpack.hosteurope.de (mi002.mc1.hosteurope.de) with smtp
08: ID: [ID filtered]
09: for poor [at] spamvictim.tld; Wed, 28 May 2014 xx:xx:xx +0200
10: To: <poor [at] spamvictim.tld>
11: From: "Desideriv" <caponises [at] wildpark-eekholt.de>
12: MIME-Version: 1.0
13: Subject: =?utf-8?b?R3V0ZW4gTW9yZ2VuIHZvbiBEZXNpZGVyaXY=?=
14: X-Mailer: Exhilarated v4.8
15: Date: Wed, 28 May 2014 xx:xx:xx -0600
16: Message-ID: [ID filtered]
17: Content-Type: multipart/mixed;
18: boundary="-----------------------5385FA9F_6465548"
19: X-HE-Virus-Scanned: Yes
20: X-HE-Spam-Level: +
21: X-HE-Spam-Score: 1.6
22: X-HE-Spam-Report: Content analysis details: (1.6 points)
23: pts rule name description
24: ---- ---------------------- --------------------------------------------------
25: 1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
26: [201.191.14.227 listed in bb.barracudacentral.org]
27: Envelope-to: poor [at] spamvictim.tld

Im Header steht zwar "X-HE-Virus-Scanned: Yes", aber anscheinend war der Virenscanner bei Host Europe noch nicht ganz wach