Monday, 15 October 2012

"Copies of Policies" spam / linkrdin.ru

Another "Copies of Policies" spam, this time leading to malware on linkrdin.ru:

From: [support@victimdomain.com]
Date: 15 October 2012 07:15
Subject: RE: SANTOS - Copies of Policies.


Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.

Here is the Package and Umbrella,
and a copy of the most recent schedule.

The malicious payload is on [donotclick]linkrdin.ru:8080/forum/links/column.php (report here) hosted on the same IPs as this spam:

68.67.42.41 (Fibrenoire, Canada)
79.98.27.9 (UAB Interneto Vizija, Lithuania)
203.80.16.81 (MYREN, Malaysia)
