Sponsored by..

Thursday 28 June 2012

LinkedIn spam /

This fake LinkedIn spam leads to malware on

Date:      Thu, 28 Jun 2012 00:52:04 +0200
From:      "2012, LinkedIn Corporation" [sdexheimer@itrs.com.br]
To:      [y009-xc6.ftdsf@catchamail.com]
Subject:      Relationship LinkedIn Mail


Invitation reminders:
• From Kevin Sellers (VP Analytic Services at Glencore)


• There are a total of 9 messages awaiting your response. Visit your InBox now.

Don't want to receive email notifications? Adjust your message settings.

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. © 2012, LinkedIn Corporation.

The malicious payload is at [donotclick] (report here) which is part of a small netblock of rented out by Limestone Networks in the US. Some attempt has been made to prevent analysis by generating a fake 403 page if you try to analyse it directly.

No comments: