Hotmail Spoofing

Here the author was trying to trick the reader into believing their mail had a problem reaching a hotmail address and hinting to the user to click on the attachement.  A quick check on the mail header shows that the e-mail originated from 220.255.247.16 - a Singtel broadband user, who's computer probably had a virus that is sending out this package.

This e-mail spoof webmaster @hotmail.com

Subject: FwD: Illegal signs in E-Mail (Error:7327)

This e-mail was generated automatically.
Information about -HOTMAIL- under: http://www.hotmail.com

-----
Errors:

56.143.154.117_does_not_like_recipient.
% 371: Remote_host_said:_Requested_action_not_taken
% 149: Giving_up_on_56.143.154.117.
% 426: mailbox_unavailable
% 128: This_account_has_been_discontinued_[#214].
% 510: MAILBOX NOT FOUND

End
-----

The corrected mail is attached.
mail_8432.doc.bat

According to our anti virus scanner, this file is infected by I-Worm/Sober.G.