We've got more of these fake Microsoft e-mails doing the rounds, folks, and as with the Alliance and Leicester scams, these are all hosted on residential machines by the looks of it.
Unlike the Alliance and Leicester ones, however, these have a nasty surprise waiting for you.
Should you realize your mistake before infecting yourself with the download they're offering, they've been kind enough to try to ensure you get *something*, which in this case comes from fx-news.ru. Thankfully, at the time of writing, the exploit part of this isn't working.
The URL that should be giving you the exploit is currently serving a MySQL error message;
184.108.40.206 is located on a Rushkranian block, apparently owned by Rise-v Ltd, which was also the source of the exploit at kervinly.com.
URLs I've seen thus far;
Not all of these are still resolving.
Jaxryley over at Malwarebytes has saved me some time by providing the VT results;
With the Threat Expert results available at;
For clarity, one of the e-mails I received is shown below.
/edit 05-08-09 04:41