Sponsored by..

Friday 18 January 2013

LinkedIn spam / shininghill.net

This fake LinkedIn spam leads to malware on shininghill.net:

Date:      Fri, 18 Jan 2013 18:16:32 +0200
From:      "LinkedIn" [announce@e.linkedin.com]
Subject:      LinkedIn Information service message

LinkedIn
REMINDERS

Invite notifications:
? From MiaDiaz ( Your renter)


PENDING EVENTS

∙ There are a total of 2 messages awaiting your response. Enter your InBox right now.

Don't want to get email info letters? Change your message settings.

LinkedIn values your privacy. Not once has LinkedIn made your e-mail address available to any another LinkedIn member without your permission. © 2013, LinkedIn Corporation.
The malicious payload is at [donotclick]shininghill.net/detects/solved-surely-considerable.php hosted on 222.238.109.66 (Hanaro Telecom, Korea). This IP address has been used in several recent attacks and should be blocked if you can.

The following domains appear to be active on this IP address, all should be considered to be malicious:
seoseoonwe.com
alphabeticalwin.com
splatwetts.com
bestwesttest.com
masterseoprodnew.com
teamrobotmusic.net
foxpoolfrance.net
linuxreal.net
vaishalihotel.net
tetraboro.net
terkamerenbos.net
shininghill.net


No comments: