
Tuesday 4 September 2012

LinkedIn spam / 108.178.59.26 and myasuslaptop.com

This fake LinkedIn spam leads to malware on 108.178.59.26 and myasuslaptop.com:

Date:      Tue, 04 Sep 2012 10:43:03 +0100
From:      "noreply" [noreply@linkedin.com]
Subject:      Link LinkedIn Mail

LinkedIn
REMINDERS

Invitation reminders:
• From Charlie Alexander (Mexico Key Account Director at Quanta)


PENDING MESSAGES

• There are a total of 5 messages awaiting your response. Visit your InBox now.

Don't want to receive email notifications? Adjust your message settings.

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. © 2012, LinkedIn Corporation.


The malicious payload (report here) is at [donotclick]108.178.59.26/bv6rcs3v1ithi.php?w=6de4412e62fd13be (Singlehop, US) in a block 108.178.59.0/26 suballocated to a person in Italy. A further malicious download is attempted from [donotclick]myasuslaptop.com/updateflashplayer.exe, which appears to be a legitimate (but hacked) site.

My personal preference with any emails purporting to be from LinkedIn is to block them at the perimeter. As far as most businesses are concerned, it is simply a playground for recruiters trying to poach your staff.
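
An added example, not part of the original post: a Python check that scans web proxy logs for the indicators named above, to find clients that followed the link. The log layout (timestamp, client, method, URL, status) and the sample lines are constructed assumptions; the check matches the whole 108.178.59.0/26 block rather than the single address, and separates the payload path from ordinary visits to the hacked site.

```python
import ipaddress
from urllib.parse import urlsplit

# Indicators taken from the post above.
BAD_NET = ipaddress.ip_network("108.178.59.0/26")
BAD_DOMAIN = "myasuslaptop.com"
BAD_PATH = "/updateflashplayer.exe"

def classify(url):
    """Return a reason string if the URL matches an indicator, else None."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    try:
        if ipaddress.ip_address(host) in BAD_NET:
            return "host in 108.178.59.0/26"
    except ValueError:
        pass  # not an IP literal, fall through to the domain check
    if host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN):
        # The site appears legitimate but hacked, so ordinary visits are
        # reported separately from the fake Flash updater download.
        if parts.path.lower() == BAD_PATH:
            return "payload download from myasuslaptop.com"
        return "visit to compromised site myasuslaptop.com"
    return None

def scan(lines):
    """Scan proxy log lines (assumed layout: URL is the 4th field)."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed or truncated line
        reason = classify(fields[3])
        if reason:
            hits.append((fields[1], reason))  # (client address, reason)
    return hits

# Constructed sample log lines: timestamp client method url status
SAMPLE = [
    "2012-09-04T10:45:01 10.0.0.5 GET http://108.178.59.26/index.php 200",
    "2012-09-04T10:45:03 10.0.0.5 GET http://MyAsusLaptop.com/updateflashplayer.exe 200",
    "2012-09-04T10:46:10 10.0.0.7 GET http://www.myasuslaptop.com/ 200",
    "2012-09-04T10:47:00 10.0.0.8 GET http://108.178.59.64/ 200",
    "2012-09-04T10:48:00 10.0.0.9 GET http://notmyasuslaptop.com/updateflashplayer.exe 200",
]

if __name__ == "__main__":
    for client, reason in scan(SAMPLE):
        print(client, reason)
```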
