Sponsored by..

Wednesday 10 October 2012

LinkedIn spam / viewsonicone.ru

This fake LinkedIn spam leads to malware on viewsonicone.ru:

From: messages-noreply@bounce.linkedin.com [mailto:messages-noreply@bounce.linkedin.com] On Behalf Of LinkedIn Connections
Sent: 10 October 2012 09:46
Subject: Nayeli is now part of your network. Keep connecting...

 [redacted]. Congratulations!
You and Nayeli are now connected.

    Nayeli Deaton

--
Chad   

2012, LinkedIn Corporation
The link goes through some obfuscated javascript (report here) to lead to [donotclick]viewsonicone.ru:8080/forum/links/column.php hosted on the following IPs:
68.67.42.41 (Fibrenoire Internet, Canada)
178.79.146.49 (Linode, UK)
203.80.16.81 (MYREN, Malaysia)

All these IPs and domains are potentially malicious and should be blocked if you can do it:
68.67.42.41
178.79.146.49
203.80.16.81
rumyniaonline.ru
sonatanamore.ru
onlinebayunator.ru
uzoshkins.ru
limonadiksec.ru
ioponeslal.ru
pionierspokemon.ru
appleonliner.ru
lenindeads.ru
viewsonicone.ru

No comments: