Date: Mon, 11 Mar 2013 02:46:19 -0300 [01:46:19 EDT]The malicious payload is at [donotclick]giminanvok.ru:8080/forum/links/column.php (report pending) hosted on the same IPs used earlier today:
From: LinkedIn Connections [firstname.lastname@example.org]
Subject: Fwd: Wire Transfer (5600LJ65)
Dear Bank Account Operator,
WIRE TRANSFER: FED694760330367340
CURRENT STATUS: PENDING
Please REVIEW YOUR TRANSACTION as soon as possible.
188.8.131.52 (Hetzner, Germany)
184.108.40.206 (Endurance International Group, US)
220.127.116.11 (Netinternet, Turkey)
I strongly recommend that you block access to these IPs if you can.