The malicious payload is on 220.127.116.11/showthread.php?t=9d77a9163cda8dbe (report here) hosted by Linode in the US. There is a subsequent download attempted from 18.104.22.168/rUPYeVt0.exe which appears to be a legitimate hacked server belonging to cheekyshare.com.

Date: Fri, 27 Apr 2012 16:19:17 +0800
From: "LinkedIn reminder" [firstname.lastname@example.org]
Subject: LInkedin pending messages
• From Scott Burwell (Colleague at Nortel)
• There are a total of 50 messages awaiting your response. Visit your InBox now.
Don't want to receive email notifications? Adjust your message settings.
LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. © 2010, LinkedIn Corporation.