![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU3f67K6C0NBokv04V37IYb3DgiTWa7OqhYK9KLn1zOV5r2-ZvW_f2syAYwe10QTwKlZcGWVmmhhG55RFY6tig_hDj_f5v2h6jeWOfuRWYMniYMtooVpvmKTEEMF9oi_dDXZG18tettOE/s200/ru8080.png)
Date: Thu, 15 Nov 2012 10:43:59 +0300
From: "Xanga" [noreply@xanga.com]
Subject: Re: Changelog 2011 update
Attachments: changelog-12.htm
Hello,
as promised chnglog attached (Internet Explorer File)
==========
Date: Thu, 15 Nov 2012 05:43:09 -0500
From: Chaz Shea via LinkedIn [member@linkedin.com]
Subject: Re: Changelog as promised(updated)
Attachments: Changelog-12.htm
Hello,
as prmised changelog is attached (Internet Explorer File)
The malicious payload is at [donotclick]feronialopam.ru:8080/forum/links/column.php hosted on a familiar looking bunch of IP addresses that you really should block:
120.138.20.54 (Sitehost, New Zealand)
202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
No comments:
Post a Comment