Date: Thu, 6 Dec 2012 06:41:01 -0500The malicious payload is at [donotclick]cinemaallon.ru:8080/forum/links/column.php hosted on the following familiar IPs:
From: Isidro Pierre via LinkedIn [firstname.lastname@example.org]
Subject: RE: ASHTON - Copies of Policies.
Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.
Here is the Package and Umbrella,
and a copy of the most recent schedule.
22.214.171.124 (Gnet, Mongolia)
126.96.36.199 (Psychz Networks, US)