Sponsored by..

Wednesday 28 November 2012

Changelog spam / ganadeion.ru

This fake changelog spam leads to malware at ganadeion.ru:


Date:      Wed, 28 Nov 2012 05:21:35 -0500
From:      LinkedIn Password [password@linkedin.com]
Subject:      Re: Changelog as promised (upd.)

Hello,

as prmised updated changelog - View

C. BERGMAN
The malicious payload is at [donotclick]ganadeion.ru:8080/forum/links/column.php hosted on some familiar looking IP addresses that you should block if you can:

202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
208.87.243.131 (Psychz Networks, US)

No comments: