Friday, 27 April 2012
LinkedIn spam / 50.116.23.176 and 64.244.61.40
Another LinkedIn spam leading to malware, this time on 50.116.23.176 and 64.244.61.40:

Date: Fri, 27 Apr 2012 16:19:17 +0800
From: "LinkedIn reminder" [reminder@linkedin.com]
Subject: LInkedin pending messages
REMINDERS
Invitation reminders:
• From Scott Burwell (Colleague at Nortel)
PENDING MESSAGES
• There are a total of 50 messages awaiting your response. Visit your InBox now.
Don't want to receive email notifications? Adjust your message settings.
LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. © 2010, LinkedIn Corporation.

The malicious payload is on 50.116.23.176/showthread.php?t=9d77a9163cda8dbe (report here) hosted by Linode in the US. There is a subsequent download attempted from 64.244.61.40/rUPYeVt0.exe which appears to be a legitimate hacked server belonging to cheekyshare.com.