Saturday 22 September 2012

LinkedIn spam / 69.194.201.21

This fake LinkedIn spam leads to malware on 69.194.201.21:

Date:      Sat, 22 Sep 2012 15:16:47 -0500
From:      "Reminder" [CC8504C0E@updownstudio.com]
Subject:      LinkedIn: New messages awaiting your response

LinkedIn
REMINDERS

Invitation reminders:
From Emilio Byrd (Insurance Manager at Wolseley)


PENDING MESSAGES

There are a total of 88 message(-s) awaiting your response. Go to InBox now.

This message was sent to [redacted]. This is an occasional email to help you get the most out of LinkedIn.

Adjust your message settings.

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission.

2012, LinkedIn Corporation.

The malicious payload is at [donotclick]69.194.201.21/links/deep_recover-result.php (Solar VPS, US) which appears to be a Blackhole 2 exploit kit. Blocking this IP address would be prudent.
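Two properties of this message can be checked mechanically at a mail gateway: a LinkedIn-branded subject sent from an unrelated domain, and a link whose host is a bare IP address. The Python below is an added example, not part of the original post. Its sample message is constructed from the headers quoted above. The HTML link (written defanged as hxxp, and assumed to point straight at the payload host) and the linkedin.com sender allowlist are assumptions.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed sample: header values as quoted in the post; the HTML body and
# its direct link to the payload host are assumptions (kept defanged as hxxp).
SAMPLE = """\
Date: Sat, 22 Sep 2012 15:16:47 -0500
From: "Reminder" <CC8504C0E@updownstudio.com>
Subject: LinkedIn: New messages awaiting your response
Content-Type: text/html

<a href="hxxp://69.194.201.21/links/deep_recover-result.php">Go to InBox now</a>
"""

# Assumed allowlist: domains a brand legitimately sends mail from.
BRAND_DOMAINS = {"linkedin": ("linkedin.com",)}


def ip_literal_links(html):
    """Return hosts of href targets that are raw IP addresses, not names."""
    hosts = []
    for url in re.findall(r'href="([^"]+)"', html, re.I):
        host = urlsplit(url).hostname or ""
        try:
            ipaddress.ip_address(host)
            hosts.append(host)
        except ValueError:
            pass  # a hostname, not an IP literal
    return hosts


def triage(raw):
    """Return findings for brand/sender mismatch and IP-literal links."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    claimed = f'{msg.get("Subject", "")} {display}'.lower()
    findings = []
    for brand, legit in BRAND_DOMAINS.items():
        trusted = any(domain == d or domain.endswith("." + d) for d in legit)
        if brand in claimed and not trusted:
            findings.append(f"brand-mismatch:{brand}:{domain}")
    findings += [f"ip-literal-link:{h}" for h in ip_literal_links(msg.get_payload())]
    return findings


if __name__ == "__main__":
    print(triage(SAMPLE))
```

Either finding alone is a weak signal; together on one message they justify quarantine and a block on the linked host.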