FYI: Just got this to my Tor relay mail address, with a zip file attached extracting to a '.scr' win exe. Curiously routed via a .gov.uk mail relay...
GB03022014.scr: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: dba1e52929f6ca9d1a1bf87e4ff469cf GB2546241.zip MD5: fb1141494829b144b0075035022cfbb9 GB03022014.scr
Samples available on request. Full mail headers attached.
I read Jurre's analysis, but I disagree. I could be mixing this up with something else, but if I recall correctly, that screensaver Trojan Horse trick was one method by which the government was de-anonymizing Tor users, though I don't recall the exact name of this attack vector. Your IP of your relay is public of course, but if you opened that a location/identity that you wanted to stay hidden, in my opinion I would consider that to be compromised.
Thanks for the report.