From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of LinkedIn Password
Sent: 13 August 2012 08:59
Subject: Fwd: Re: Re: Scan from a Xerox WorkCentre Pro #9484820
A Document was sent to you using a XEROX WorkJet OP578636.
SENT BY : JIN
IMAGES : 1
FORMAT (.JPEG) DOWNLOAD
The malicious payload is at [donotclick]mirdymas.ru:8080/forum/showthread.php?page=5fa58bce769e5c2 (report here) hosted on the following familiar IP addresses:
184.108.40.206 (Amazon, Ireland)
220.127.116.11 (Cloudaccess.net, US)
18.104.22.168 (Myren, Malaysia)
Blocking access to these IPs will prevent other malicious sites on the same servers from being a problem.