A different approach.
This one seems slightly different from all the packed viruses I'm seeing of late and thought you gurus might be interested.
Bot no doubt but still a little different from most you see in the originating email address and the to email address.
I won't bother with the kav bit, but hey, they will try anything. :)
Received: from zim-mta03.web.westnet.com.au (LHLO
zim-mta03.web.westnet.com.au) (192.168.39.33) by webmail05.westnet.com.au
with LMTP; Thu, 13 Dec 2012 19:58:46 +0800 (WST)
Received: from inbound-mail03.westnet.com.au (inbound-mail03.westnet.com.au [126.96.36.199])
by zim-mta03.web.westnet.com.au (Postfix) with ESMTP id 0C5BD4D31E
for <XXXXX@westnet.com.au>; Thu, 13 Dec 2012 19:58:45 +0800 (WST)
Received: from unknown (HELO ha178ss.3kav.info) ([188.8.131.52])
by inbound-mail03.westnet.com.au with ESMTP; 13 Dec 2012 19:58:45 +0800
Received: from localhost (localhost.localdomain [127.0.0.1])
by ha178ss.3kav.info (Postfix) with SMTP id F013CB46DDD5
for <XXXXX@westnet.com.au>; Thu, 13 Dec 2012 14:48:33 +0300 (MSK)
From: "=?gb2312?B?bm9yd2VnaWFu?=" <firstname.lastname@example.org>
To: "=?gb2312?B?bm9yd2VnaWFu?=" <XXXXX@westnet.com.au>,
Date: Thu, 13 Dec 2012 19:48:33 +0800
Content-Type: Multipart/Mixed; Boundary="-=NextMailPart50c9c091f1b06"
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke