Sponsored by..

Monday 15 October 2012

"Copies of Policies" spam / linkrdin.ru

Another "Copies of Policies" spam, this time leading to malware on linkrdin.ru:

From: [support@victimdomain.com]
Date: 15 October 2012 07:15
Subject: RE: SANTOS - Copies of Policies.

Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy.

Here is the Package and Umbrella,
and a copy of the most recent schedule.

The malicious payload is on [donotclick]linkrdin.ru:8080/forum/links/column.php (report here) hosted on the same IPs as this spam: (Fibrenoire, Canada) (UAB Interneto Vizija, Lithunia) (MYREN, Malaysia)

No comments: