Fresh in one of my inboxes:
You have received this e-mail because of the launching of State Vaccination H1N1 Program.
You need to create your personal H1N1 (swine flu) Vaccination Profile on the cdc.gov website. The Vaccination is not obligatory, but every person that has reached the age of 18 has to have his personal Vaccination Profile on the cdc.gov site. This profile has to be created both for the vaccinated people and the not-vaccinated ones. This profile is used for the registering system of vaccinated and not-vaccinated people.
Spam with subject line: "IMPORTANT: Your VISA VbV Password Has Expired!".
Contains links to the botnet-hosted domain herwsx.com or, more correctly, its subdomains.
The botnet was used earlier (a few days ago) in connection with phished/hacked/"social engineered" MSN accounts, which ultimately led to subdomains of woooh-i-got-your-pics.com, e.g. http://zikay.woooh-i-got-your-pics.com/ (now dead).
Maybe more later, but here are some of the IPs; there are of course a lot more.
herwsx.com A 24.7.18.28
herwsx.com A 24.8.113.160
herwsx.com A 24.11.157.140
Just in case I forget.
inetnum: 213.155.22.192 - 213.155.22.199
netname: singhajeet3
descr: singhajeet3 - Singh Ajeet
country: UA
admin-c: SA5766-RIPE
tech-c: SA5766-RIPE
status: ASSIGNED PA
mnt-by: MNT-HOSTINGUA
source: RIPE # Filtered

person: Singh Ajeet
address: 34203, Florida, United States, Bradenton, 1901 60th Place E. Suite L4257
abuse-mailbox: abuse@hosting.ua
phone: +380487281518
nic-hdl: SA5766-RIPE
source: RIPE # Filtered
Tries to trick you:
Hey, some jerk has posted your pictures (u understand what kind of pictures are there) and sent a link of them to all ur friends. I have already replied back. Said, that he is an idiot. See the link:
http://archive1.salikuc.eu/photo-hosting/
Stevie Carrier
The link above goes to a page where you have to download "PhotoArchive.exe" if you want to see the alleged pictures of you:
A fresh posting today about Ecatel's crimeware-friendly hosting:
http://hphosts.blogspot.com/2009/11/crimeware-friendly-isps-ecatel-as29073.html
There are probably a lot of people wondering why Ecatel is still up and running.
I've been wondering about it for a long time. (internal link).
I know I should not receive any money transfer from Western Union or a parcel from DHL.
Still, someone claims so at least a couple of times each day lately.
But look out for the attachments; this is a real cat-and-mouse race.
The last one, which I received only a few minutes ago, was only detected by 2 AV vendors.
ClamAV calls it "Suspect.Bredozip-zippwd-4" and Sophos "Troj/BredoZp-L".
All according to VirusTotal.