Sponsored by..

Tuesday, 18 December 2012

LinkedIn spam / apensiona.ru

This fake LinkedIn spam leads to malware on apensiona.ru:

From: messages-noreply@bounce.linkedin.com on behalf of LinkedIn Connections
Sent: Tue 18/12/2012 14:01
Subject: Join my network on LinkedIn


LinkedIn
Hien Lawson has indicated you are a Friend
I'd like to add you to my professional network on LinkedIn.

- Hien Lawson


Accept
 View invitation from Hien Lawson 

WHY MIGHT CONNECTING WITH Hien Lawson BE A GOOD IDEA?

Hien Lawson's connections could be useful to you

After accepting Hien Lawson's invitation, check Hien Lawson's connections to see who else you may know and who you might want an introduction to. Building these connections can create opportunities in the future.
2012, LinkedIn Corporation 

The malicious payload is at [donotclick]apensiona.ru:8080/forum/links/column.php (the same payload as here) although this time the IPs have changed to:

109.235.71.144 (Serveriai, Lithunia)
176.31.111.198 (OVH, France)
217.112.40.69 (Utransit , UK)

Here's a plain list if you want to block the lot:
109.235.71.144
176.31.111.198
217.112.40.69

Blocking emails from linkedin.com at your perimeter might also be a good idea.

1 comment:

folkdrop said...

What you can do in such cases file or submit a complaint to LinkedIn network.Also keep an antivirus on your machine.

backlinkcentre.com