Sponsored by..

Friday 4 May 2012

LinkedIn spam / 184.154.220.226

This fake LinkedIn spam leads to malware on 184.154.220.226:

Date:      Fri, 4 May 2012 -04:52:32 -0800
From:      LinkedIn Password [password@linkedin.com]
Subject:      Reset Your LinkedIn Password

LinkedIn

Hi hippy,

Can’t remember your LinkedIn password? No problem - it happens.

Please use this link to reset your password within the next 1 day:
Click here

Then sign in to LinkedIn with your new password and the email address where you received this message.

Thanks for using LinkedIn!
The malware is hosted on 184.154.220.226/showthread.php?t=34c79594e8b8ac0f (Singlehop, US) which is a very heavily obfuscated exploit page with a not very impressive VirusTotal detection rate of 2/42. Blocking the IP is a good proactive step to stop this from being a problem.

No comments: