Message is signed by a certificate "Issued by COMODO Client Authentication and Secure Email CA" and the certificate is revoked.
The sender address is a spoofed Gmail address of SEF News firstname.lastname@example.org but it was sent from a HINET server in Taiwan, not from Gmail. The exploit used is CVE-2011-0611, with the same malicious SWF as described in the previous post Jun 27 PDF - SWF CVE-2011-0611 Two Views On The South China Sea from compromised Pikes Peak BOCES account w Taidoor.
The payload is the same too Trojan Taidoor / Rubinurd (see more with Taidoor here) with CC server 18.104.22.168- Dubai, UAE
Update June 29
As screenshots of the certificate show, it was not expired. The Comodo
Certificate Revocation List showed that the certificate was revoked less
than 12 hours before it was sent, which means it was stolen and ready
to be used while it was still valid. Perhaps it was used while still
valid for a while before I got it.
Revocation doesn't work (18 Mar 2011) Imperial Violet