Date: Wed, 16 Oct 2013 12:03:11 -0300 [11:03:11 EDT]
From: Pinterest [email@example.com]
Subject: Your Facebook friend Andrew Hernandez joined Pinterest
A Few Updates...
Your Facebook friend Andrew Hernandez just joined Pinterest. Help welcome Carol to the community!
©2013 Pinterest, Inc. | All Rights Reserved
report here) that attempts to download [donotclick]alenikaofsa.ru:8080/ieupdate.exe which has a VirusTotal detection rate of just 1/48 (only Kaspersky detects it.. again).
The ThreatTrack report [pdf] looks like peer-to-peer Zeus to me; the Malwr report and Comodo CAMAS report also give some insight.
alenikaofsa.ru is registered to the infamous Russian "private person" and is hosted on the following IPs:
184.108.40.206 (Intergenia AG, Germany)
220.127.116.11 (RapidDSL & Wireless, US)
The domain alionadorip.ru is also hosted on these IPs.
What's interesting is that 18.104.22.168 was seen here months ago, which makes this look like the unwelcome return of the RU:8080 gang after a long absence.
The malware page uses a similar script to that used here, although with the rather cheeky comment:
// It's "cool" to let user wait 2 more seconds :/
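One way to hunt for this infrastructure in web proxy logs, as an added example that is not part of the original post: it flags requests to the two domains and two IPs listed above, plus any `.ru` host contacted on port 8080. The log format, the sample lines and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit

# Indicators taken from the post above.
BAD_DOMAINS = {"alenikaofsa.ru", "alionadorip.ru"}
BAD_IPS = {"184.108.40.206", "220.127.116.11"}

# Constructed sample lines in an assumed "time client method url" proxy format.
SAMPLE_LOG = """\
2013-10-16T15:04:10Z 10.0.0.21 GET http://alenikaofsa.ru:8080/ieupdate.exe
2013-10-16T15:04:12Z 10.0.0.22 GET http://www.example.com/index.html
2013-10-16T15:05:01Z 10.0.0.23 GET http://184.108.40.206:8080/
2013-10-16T15:06:30Z 10.0.0.24 GET http://unknown-host.ru:8080/forum/index.php
2013-10-16T15:07:45Z 10.0.0.25 GET http://news.example.ru/story
2013-10-16T15:08:00Z 10.0.0.21 GET http://alionadorip.ru:8080/
"""

def classify(url):
    """Return the reason a URL is suspicious, or None if nothing matches."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    try:
        port = parts.port
    except ValueError:
        return None  # malformed port field, nothing to match on
    # Exact indicators first: the listed domains (and subdomains) and IPs.
    if host in BAD_DOMAINS or any(host.endswith("." + d) for d in BAD_DOMAINS):
        return "known-domain"
    if host in BAD_IPS:
        return "known-ip"
    # Heuristic for the wider pattern: a .ru host on port 8080.
    # This can match legitimate sites, so treat it as a lead to triage.
    if port == 8080 and host.endswith(".ru"):
        return "ru-8080-pattern"
    return None

def hunt(log_text):
    """Return (client, url, reason) for each log line that matches."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        _, client, _, url = fields
        reason = classify(url)
        if reason:
            hits.append((client, url, reason))
    return hits

if __name__ == "__main__":
    for client, url, reason in hunt(SAMPLE_LOG):
        print(f"{reason:16} {client:10} {url}")
```

Exact-indicator hits identify clients to examine first; the port 8080 heuristic is broader and is only a starting point for review.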