When viewed in HTML, the same malicious link hides behind the headlines of the top 10 videos / stories and leads us to a fake Flash upgrade.
This little "visual" trick is archived using Content-type: multipart/alternative; boundary=[removed] the in the email.
The spam belongs to the Trojan-Downloader.Win32.Exchanger family.
<h4>
File details
</h4>Filename: get_flash_update.exe
Additional information
File size: 78848 bytes
MD5...: dabb5a9b431c88c77281bcf1158a9879
SHA1..: 8c439c08189dfe82c50fafd2f15f11dc937dfe19
SHA256: 02397851411e9ac7aacb4c6bae7eb49816bb2225b04e3cd0a51bb021feb16579
PEiD..: -
ThreatExpert Report.QUOTEFile get_flash_update.exe received on 08.05.2008 04:33:06 (CET)
AhnLab-V3 2008.8.5.0 2008.08.04 -
AntiVir 7.8.1.15 2008.08.04 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.08.04 -
Avast 4.8.1195.0 2008.08.04 -
AVG 8.0.0.156 2008.08.04 I-Worm/Nuwar.V
BitDefender 7.2 2008.08.05 -
CAT-QuickHeal 9.50 2008.08.04 (Suspicious) - DNAScan
ClamAV 0.93.1 2008.08.05 -
DrWeb 4.44.0.09170 2008.08.04 -
eSafe 7.0.17.0 2008.08.05 Suspicious File
eTrust-Vet 31.6.6009 2008.08.05 Win32/Collet!generic
Ewido 4.0 2008.08.04 -
F-Prot 4.4.4.56 2008.08.04 -
F-Secure 7.60.13501.0 2008.08.04 -
Fortinet 3.14.0.0 2008.08.04 W32/Tibs.BF!worm
GData 2.0.7306.1023 2008.08.04 -
Ikarus T3.1.1.34.0 2008.08.05 -
K7AntiVirus 7.10.403 2008.08.04 -
Kaspersky 7.0.0.125 2008.08.05 -
McAfee 5353 2008.08.04 -
Microsoft 1.3807 2008.08.05 -
NOD32v2 3326 2008.08.05 Win32/Agent.ETH
Norman 5.80.02 2008.08.04 -
Panda 9.0.0.4 2008.08.04 -
PCTools 4.4.2.0 2008.08.04 -
Prevx1 V2 2008.08.05 Malware Dropper
Rising 20.56.02.00 2008.08.04 -
Sophos 4.31.0 2008.08.05 Mal/EncPk-DA
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.05 Infostealer
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.04 -
VBA32 3.12.8.2 2008.08.04 -
ViRobot 2008.8.4.1322 2008.08.04 -
VirusBuster 4.5.11.0 2008.08.04 -
Webwasher-Gateway 6.6.2 2008.08.04 Trojan.Crypt.XPACK.Gen
