![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjU3f67K6C0NBokv04V37IYb3DgiTWa7OqhYK9KLn1zOV5r2-ZvW_f2syAYwe10QTwKlZcGWVmmhhG55RFY6tig_hDj_f5v2h6jeWOfuRWYMniYMtooVpvmKTEEMF9oi_dDXZG18tettOE/s200/ru8080.png)
Date: Thu, 29 Nov 2012 06:01:55 +0700
From: LinkedIn Connections [connections@linkedin.com]
Subject: Re: Fwd: Wire Transfer (75631MU030)

Dear Bank Account Operator,

WIRE TRANSFER: FED675249061747420
CURRENT STATUS: PENDING

Please REVIEW YOUR TRANSACTION as soon as possible.

The malicious payload is at [donotclick]dimarikanko.ru:8080/forum/links/column.php hosted on a bunch of familiar-looking IP addresses which have been used in several recent attacks:

202.180.221.186 (GNet, Mongolia)
203.80.16.81 (MYREN, Malaysia)
208.87.243.131 (Psychz Networks, US)