Case 2 - heimerpara.de
Case opened: 2008-07-29

A new mail came in with a link to a page nearly identical to case 1; here's the email:

From - Tue Jul 29 07:09:30 2008
X-Account-Key: account2
X-UIDL: 0001e39b470286bd
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-Path: <hazel-setrepme@22designs.com>
Received: from www.despammed.com (localhost.localdomain [127.0.0.1])
	by outgoing.despammed.com (8.13.8/8.13.8) with ESMTP id m6TB1p46030072
	for <mail@outgoing.vivtek.com>; Tue, 29 Jul 2008 04:01:51 -0700
Received: (from root@localhost)
	by www.despammed.com (8.13.8/8.13.8/Submit) id m6TB1p6w030071
	for mail@outgoing.vivtek.com; Tue, 29 Jul 2008 04:01:51 -0700
Received: from cpc3-blac2-0-0-cust892.manc.cable.ntl.com (cpc3-blac2-0-0-cust892.manc.cable.ntl.com [81.102.163.125])
	by incoming.despammed.com (8.13.8/8.13.8) with ESMTP id m6TB1m4i030023
	for <mail@vivtek.com>; Tue, 29 Jul 2008 04:01:48 -0700
To: mail@vivtek.com
Subject: Smackdown highlights
From: Beaudrie <hazel-setrepme@22designs.com>
Content-Type: text/plain; format=flowed; delsp=yes; charset=ISO-8859-1
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Date:   Tue, 29 Jul 2008 12:01:44 +0100
Message-ID: <qx.llpnihqrdiokfs@DJXCL12J>
User-Agent: Opera Mail/9.50 (Win32)
X-Despammed-Tracer: m6TB1m4i0300231217329309

McCain criticizes Obama for lack of empathy
http://heimerpara.de/default.html

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/

The payload exploit in this one is quite different (I think) from the first -- certainly the methods are entirely different. Since I don't have case 1 deobfuscated yet, the final exploit might be the same, but I'm guessing it isn't.
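Before touching the page itself, the headers already tell a defender something: read bottom-up, the Received: chain shows the message entering the Internet from an NTL cable-customer host (cpc3-blac2-0-0-cust892.manc.cable.ntl.com, 81.102.163.125) on its way to incoming.despammed.com, while the From: line claims 22designs.com. The script below is an added example, not part of the original case note, that walks that chain programmatically: it unfolds each Received: header, pulls out the HELO name, reverse-DNS name and IP of every hop, picks the earliest hop with a globally routable address as the origin, compares it with the claimed From: domain, and lists the URLs in the body. The message text is copied from the headers above with the Mozilla and X-Despammed bookkeeping fields dropped and folded lines indented with spaces instead of tabs; the regular expression and function names are mine.

```python
"""Trace the Received: chain of the case-2 message to find where it came in."""
import email
import ipaddress
import re
from email.utils import parseaddr

# Headers and body from the case note (Mozilla/X-Despammed bookkeeping
# headers dropped, folded header lines indented with spaces); nothing is invented.
RAW_MESSAGE = """\
Return-Path: <hazel-setrepme@22designs.com>
Received: from www.despammed.com (localhost.localdomain [127.0.0.1])
    by outgoing.despammed.com (8.13.8/8.13.8) with ESMTP id m6TB1p46030072
    for <mail@outgoing.vivtek.com>; Tue, 29 Jul 2008 04:01:51 -0700
Received: (from root@localhost)
    by www.despammed.com (8.13.8/8.13.8/Submit) id m6TB1p6w030071
    for mail@outgoing.vivtek.com; Tue, 29 Jul 2008 04:01:51 -0700
Received: from cpc3-blac2-0-0-cust892.manc.cable.ntl.com (cpc3-blac2-0-0-cust892.manc.cable.ntl.com [81.102.163.125])
    by incoming.despammed.com (8.13.8/8.13.8) with ESMTP id m6TB1m4i030023
    for <mail@vivtek.com>; Tue, 29 Jul 2008 04:01:48 -0700
To: mail@vivtek.com
Subject: Smackdown highlights
From: Beaudrie <hazel-setrepme@22designs.com>
Content-Type: text/plain; format=flowed; delsp=yes; charset=ISO-8859-1
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Date:   Tue, 29 Jul 2008 12:01:44 +0100
Message-ID: <qx.llpnihqrdiokfs@DJXCL12J>
User-Agent: Opera Mail/9.50 (Win32)

McCain criticizes Obama for lack of empathy
http://heimerpara.de/default.html

--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
"""

# One "Received: from HELO (rDNS [IP]) by RELAY ..." clause, after whitespace
# has been squeezed to single spaces.
_HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)\s+\[(?P<ip>[0-9.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def received_hops(raw):
    """Return the Received: headers as dicts, top of message (latest hop) first.

    A hop with no '(rDNS [IP])' pair, such as the local sendmail submission in
    the middle of this chain, is kept with ip=None so the chain length is honest.
    """
    msg = email.message_from_string(raw)  # compat32 policy keeps the raw folded text
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold and squeeze whitespace
        m = _HOP_RE.search(flat)
        if m:
            hops.append(m.groupdict())
        else:
            hops.append({"helo": None, "rdns": None, "ip": None, "by": flat})
    return hops


def originating_hop(raw):
    """Earliest hop (bottom-most Received:) whose IP is globally routable.

    Loopback and private addresses are skipped: relays we control add those
    hops, so they say nothing about where the message entered the Internet.
    """
    for hop in reversed(received_hops(raw)):
        if hop["ip"] and ipaddress.ip_address(hop["ip"]).is_global:
            return hop
    return None


def from_domain(raw):
    """Domain part of the From: address, i.e. what the sender claims to be."""
    msg = email.message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower()


def sender_domain_matches_origin(raw):
    """True only if the originating host's reverse DNS belongs to the From: domain.

    A mismatch is not proof of forgery by itself (mailing lists and third-party
    senders break it too), but it is the first thing to note in triage.
    """
    origin = originating_hop(raw)
    if origin is None:
        return False
    rdns = origin["rdns"].lower()
    dom = from_domain(raw)
    return rdns == dom or rdns.endswith("." + dom)


def body_urls(raw):
    """All http(s) URLs in the plain-text body, in order of appearance."""
    msg = email.message_from_string(raw)
    return re.findall(r"https?://[^\s<>\"]+", msg.get_payload())


if __name__ == "__main__":
    for hop in received_hops(RAW_MESSAGE):
        print(hop)
    print("origin:", originating_hop(RAW_MESSAGE))
    print("claimed domain:", from_domain(RAW_MESSAGE),
          "matches origin:", sender_domain_matches_origin(RAW_MESSAGE))
    print("urls:", body_urls(RAW_MESSAGE))
```

Run on this message the origin hop resolves to the ntl.com cable host handing off to incoming.despammed.com, the claimed 22designs.com domain does not match it, and the two body URLs (the heimerpara.de link and the Opera signature link) come out in order. The same functions work unchanged on any RFC 5322 message pasted into RAW_MESSAGE, as long as the Received: lines use the common sendmail "from HELO (rDNS [IP]) by RELAY" form; relays that write the clause differently show up with ip=None and should be inspected by hand.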

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.