Date: Wed, 7 Nov 2012 07:29:44 -0500
From: LinkedIn [welcome@linkedin.com]
Subject: Re: Intercompany inv. from Beazer Homes USA Corp.
Attachments: Invoice_e49580.htm
Hi
Attached the corp. invoice for the period July 2012 til Aug. 2012.(Internet Explorer file)
Thanks a lot for supporting this process
Rihanna PEASE
Beazer Homes USA Corp.
The attachment contains obfuscated Javascript that attempts to direct the visitor to a malicious payload at [donotclick]controlleramo.ru:8080/forum/links/column.php hosted on:
103.6.238.9 (Universiti Putra, Malaysia)
203.80.16.81 (MYREN, Malaysia)
209.51.221.247 (eNet, US)
These IP addresses have been used in several attacks recently, and you should block access to them if you can.
Some more samples:
Date: Thu, 8 Nov 2012 08:45:52 +0500
From: Ashley Madison [donotreply@ashleymadison.com]
Subject: Re: Inter-company invoice from Novellus Systems Corp.
Attachments: Invoice_c394579536.htm
Hallo
Attached the intercompany invoice for the period July 2012 til Aug. 2012.(Internet Explorer file)
Thanks a lot for supporting this process
TOVA Link
Novellus Systems Corp.
==========
Date: Thu, 8 Nov 2012 06:31:13 +0530
From: Badoo [noreply@badoo.com]
Subject: Re: Intercompany invoice from Arch Coal Corp.
Attachments: Invoice_i450583.htm
Hallo
Attached the intercompany inv. for the period July 2012 til Aug. 2012.(Internet Explorer file)
Thanks a lot for supporting this process
BETTYE Caldwell
Arch Coal Corp.
==========
Date: Wed, 7 Nov 2012 06:52:01 -0600
From: BrendenHavlicek@hotmail.com
Subject: Re: Intercompany invoice from Brookdale Senior Living Corp.
Attachments: Invoice_q2665.htm
Hallo
Attached the intercompany inv. for the period July 2012 til Aug. 2012.(Internet Explorer file)
Thanks a lot
NOEMI STEPHENS
Brookdale Senior Living Corp.