Date: Mon, 11 Mar 2013 02:46:19 -0300 [01:46:19 EDT]
From: LinkedIn Connections [firstname.lastname@example.org]
Subject: Fwd: Wire Transfer (5600LJ65)
Dear Bank Account Operator,
WIRE TRANSFER: FED694760330367340
CURRENT STATUS: PENDING
Please REVIEW YOUR TRANSACTION as soon as possible.

The malicious payload is at [donotclick]giminanvok.ru:8080/forum/links/column.php (report pending) hosted on the same IPs used earlier today:
18.104.22.168 (Hetzner, Germany)
22.214.171.124 (Endurance International Group, US)
126.96.36.199 (Netinternet, Turkey)
I strongly recommend that you block access to these IPs if you can.
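
To check whether any host already reached this infrastructure, the indicators above can be matched against web proxy logs. The following is an added example, not part of the original post; the log layout (timestamp, client IP, destination IP, method, URL) and the sample lines are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators copied from the post above.
PAYLOAD = "[donotclick]giminanvok.ru:8080/forum/links/column.php"
HOSTING_IPS = {"18.104.22.168", "22.214.171.124", "126.96.36.199"}

def refang(indicator):
    """Drop the [donotclick] marker and add a scheme so urlsplit can parse it."""
    cleaned = indicator.replace("[donotclick]", "")
    return cleaned if "://" in cleaned else "http://" + cleaned

_bad = urlsplit(refang(PAYLOAD))
BAD_HOST, BAD_PORT, BAD_PATH = _bad.hostname, _bad.port, _bad.path

def classify(line):
    """Return the indicators one log line matches (empty list = no match).
    Assumed layout: '<timestamp> <client_ip> <dest_ip> <method> <url>'."""
    try:
        _ts, _client, dest_ip, _method, url = line.split(maxsplit=4)
        dest = str(ipaddress.ip_address(dest_ip))
        parts = urlsplit(url.strip())
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return ["unparseable"]  # surface malformed lines instead of skipping them
    host = (parts.hostname or "").rstrip(".")
    reasons = []
    if host == BAD_HOST or host.endswith("." + BAD_HOST):
        reasons.append("domain")
    if dest in HOSTING_IPS:
        reasons.append("hosting-ip")
    if port == BAD_PORT and parts.path.lower() == BAD_PATH:
        reasons.append("url-pattern")
    return reasons

def scan(log_text):
    """Return (line, reasons) for every log line that matched something."""
    results = [(l, classify(l)) for l in log_text.splitlines() if l.strip()]
    return [(l, r) for l, r in results if r]

# Constructed sample log, not real traffic.
SAMPLE_LOG = "\n".join([
    f"2013-03-11T06:01:12Z 10.0.0.15 18.104.22.168 GET {refang(PAYLOAD)}",
    "2013-03-11T06:02:40Z 10.0.0.22 126.96.36.199 GET http://host.example:8080/forum/links/column.php?x=1",
    "2013-03-11T06:03:05Z 10.0.0.31 192.0.2.10 GET http://intranet.example/forum/links/column.php",
    "2013-03-11T06:04:19Z 10.0.0.31 not-an-ip GET http://intranet.example/",
])

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOG):
        print(",".join(reasons), "<-", line)
```

A hit on "hosting-ip" or "url-pattern" without "domain" is worth a look as well, since the post notes the same IPs were used for other payload hosts earlier in the day.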