一日に20通以上，同じメールが来てました．

From: "example.com support"
X-Mailer: The Bat! (v3.51.10) Home
Reply-To: speedybd96@rosstarrant.com
X-Priority: 3 (Normal)
Message-ID: <549840939.58186103452173@rosstarrant.com>
Subject: example.com account notification

Content-Type: text/plain; charset=Windows-1252
Content-Transfer-Encoding: 7bit

Dear Customer,

This e-mail was send by admin@example.com to notify you that we have temporarily prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please open attached file (open.html) and Follow instructions.

example.com

open.htmlというJavascriptのファイルが添付されています．

難読化されてますが，ちょっと解析すると，まず

http://advancedwoodtech.com/xnu4ei/z.htm

にアクセスし，ついで

http://magazine-awm.ru/earl/index.php

に飛ぶようになっていることが分かります．

なんか個人登録ドメインっぽいですし．．．

domain: MAGAZINE-AWM.RU
nserver: ns1.secure2dns.ru.
nserver: ns2.secure2dns.ru.
state: REGISTERED, DELEGATED, VERIFIED
person: Private Person
phone: +7 926 3411572
e-mail: ivan-sushkin@yandex.ru
registrar: REGRU-REG-RIPN
created: 2010.05.23
paid-till: 2011.05.23

Bat!からのメールはほとんど全部拒否すればいいのでしょうね．
やってみましょう．