Date: Fri, 15 Feb 2013 07:24:40 -0500
From: Tasha Rosenthal via LinkedIn [member@linkedin.com]
Subject: RE: Wire transfer cancelled
Good day,
Wire Transfer was canceled by the other bank.
Canceled transaction:
FED NR: 94813904RE5666838
Transfer Report: View
The Federal Reserve Wire Network

The malicious payload is on [donotclick]202.72.245.146:8080/forum/links/public_version.php (Railcom, Mongolia) (report here) which is a well-known malicious IP that you should definitely block if you can.
Update: there is also a "Scan from a HP ScanJet #841548" spam for the same IP, sending victims to [donotclick]202.72.245.146:8080/forum/links/column.php