From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of LinkedIn Password
Sent: 13 August 2012 08:59
Subject: Fwd: Re: Re: Scan from a Xerox WorkCentre Pro #9484820
A Document was sent to you using a XEROX WorkJet OP578636.
SENT BY : JIN
IMAGES : 1
FORMAT (.JPEG) DOWNLOAD
The malicious payload is at [donotclick]mirdymas.ru:8080/forum/showthread.php?page=5fa58bce769e5c2 (report here) hosted on the following familiar IP addresses:
220.127.116.11 (Amazon, Ireland)
18.104.22.168 (Cloudaccess.net, US)
22.214.171.124 (Myren, Malaysia)
Blocking access to these IPs will prevent other malicious sites on the same servers from being a problem.