WHY YES I DO WANT A COPY OF THAT. Sadly, the payload wasn’t even a trojan, just a Chinese-hosted pillz site. The default blocking of images from domains you don’t trust here is good; most clients have it now, and it was clearly developed as a response to web bugs but it also protects one from basilisks. It’s still trivial in the current email protocol to forge a sender, so trust no one – not even yourself.
best-targeted spam ever