Friday 8 March 2013

LinkedIn spam / giminalso.ru

This fake LinkedIn spam leads to malware on giminalso.ru:

From: messages-noreply@bounce.linkedin.com [mailto:messages-noreply@bounce.linkedin.com] On Behalf Of LinkedIn Password
Sent: 08 March 2013 10:24
Subject: Aylin is now part of your network. Keep connecting...

     [redacted], Congratulations!
You and Aylin are now connected.

    Aylin Welsh


2012, LinkedIn Corporation

The malicious payload is at [donotclick]giminalso.ru:8080/forum/links/column.php (report here) hosted on the same IPs as in this other attack today: (Hetzner, South Africa) (WebhostOne, Germany) (Supermedia, Poland)

1 comment:

Unknown said...

Thank you for this useful and timely post.
Just open that URL with SRWare Iron.
I then interrupted what seemed like a Java applet download by closing the browser.
Would you be able to provide more information about the payload?
Thank you in advance for the info.