Friday 1 June 2012

LinkedIn spam / immerialtv.ru

This fake LinkedIn spam leads to malware:

Date:      Fri, 1 Jun 2012 02:45:50 +0000
From:      LinkedIn Email Confirmation [emailconfirm@linkedin.com]
Subject:      Please confirm your email address

LinkedIn

Click here to confirm your email address.

If the above link does not work, you can paste the following address into your browser:

You will be asked to log into your account to confirm this email address. Be sure to log in with your current primary email address.

We ask you to confirm your email address before sending invitations or requesting contacts at LinkedIn. You can have several email addresses, but one will need to be confirmed at all times to use the system.

If you have more than one email address, you can choose one to be your primary email address. This is the address you will log in with, and the address to which we will deliver all email messages regarding invitations and requests, and other system mail.

Thank you for using LinkedIn!

--The LinkedIn Team

© 2012, LinkedIn Corporation

The payload is on [donotclick]immerialtv.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c (report here) hosted on the following IPs:


50.57.43.49 (Slicehost, US)
50.57.88.200 (Slicehost, US)
184.106.200.65 (Slicehost, US)
187.85.160.106 (Ksys Soluções Web, Brazil)

Plain list for copy-and-pasting:
50.57.43.49
50.57.88.200
184.106.200.65
187.85.160.106

Those IPs host the following domains which can also be assumed to be hostile:
immerialtv.ru
opimmerialtv.ru
piloramamoskow.ru
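
One way to put these indicators to work is a retrospective search of web proxy logs. The sketch below is an added example, not part of the original post: the four-field log format and the sample lines are constructed, and treating the single payload URL as a general pattern (port 8080, `/forum/showthread.php`, 16 hex digits) is an assumption.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the post above.
HOSTILE_IPS = {"50.57.43.49", "50.57.88.200", "184.106.200.65", "187.85.160.106"}
HOSTILE_DOMAINS = {"immerialtv.ru", "opimmerialtv.ru", "piloramamoskow.ru"}
# Assumption: landing pages share the shape of the one URL in the post
# (port 8080, /forum/showthread.php, 16 hex digits in "page").
LANDING_RE = re.compile(r"^/forum/showthread\.php\?page=[0-9a-f]{16}$")

def classify(url, dest_ip=None):
    """Return the reasons a request matches this campaign (empty list if none)."""
    url = url.replace("[donotclick]", "")          # accept the post's defanged form
    try:
        parts = urlsplit(url if "://" in url else "http://" + url)
        port = parts.port
    except ValueError:                              # unparseable URL: judge by IP only
        return ["ip"] if dest_ip in HOSTILE_IPS else []
    host = (parts.hostname or "").lower().rstrip(".")
    reasons = []
    # Exact or subdomain match only; a substring test would flag look-alikes.
    if host in HOSTILE_DOMAINS or any(host.endswith("." + d) for d in HOSTILE_DOMAINS):
        reasons.append("domain")
    if host in HOSTILE_IPS or dest_ip in HOSTILE_IPS:
        reasons.append("ip")
    if port == 8080 and LANDING_RE.match(parts.path + "?" + parts.query):
        reasons.append("url-pattern")
    return reasons

# Constructed proxy log: timestamp, client, destination IP, URL.
SAMPLE_LOG = """\
2012-06-01T02:51:07Z 10.0.0.21 50.57.43.49 http://immerialtv.ru:8080/forum/showthread.php?page=5fa58bce769e5c2c
2012-06-01T02:52:10Z 10.0.0.34 203.0.113.9 http://www.example.com/
2012-06-01T02:53:44Z 10.0.0.40 187.85.160.106 http://unlisted.example:8080/forum/showthread.php?page=0123456789abcdef
2012-06-01T02:54:02Z 10.0.0.41 198.51.100.7 http://notimmerialtv.ru/index.html
"""

def scan(log_text):
    """Return (client, reasons) for every log line that matches."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        _, client, dest_ip, url = fields
        reasons = classify(url, dest_ip)
        if reasons:
            hits.append((client, reasons))
    return hits
```

The third sample line shows why the IP and URL-pattern checks are kept separate from the domain list: a hostname that is not listed above still matches when it resolves to one of the listed servers.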

1 comment:

Kafeine said...

Thx for sharing this!
(Same people behind this and the Phoenix EK that was here: http://www.malwaredomainlist.com/mdl.php?search=navigator&colsearch=All&quantity=50)