Full text of email message at: http://isc.sans.org/diary.html?storyid=2208
There is spam making the rounds that is targeting customers of ISPs. The template of the e-mail is attached below and the attackers are using some sort of method to specifically mention the proper ISP name being used by the victim...
== START EMAIL ==
Dear <<insert ISP name here>> valued members
Regarding our new security regulations, as a part of our yearly maintenance we have provided a security guard script in the attachment. So, to secure your websites, please use the attached file and (for UNIX/Linux Based servers) upload the file "guard.php"...
Thank you for using our services and products. We look forward to providing you with a unique and high quality service.
<<insert ISP name here>>
== END EMAIL == "