The Latest in IT Security

LinkedIn spam / guessworkcontentprotect.biz

02
May
2013

This fake LinkedIn email leads to malware on guessworkcontentprotect.biz:

From:     LinkedIn Invitations [[email protected]]
Date:     2 May 2013 16:49
Subject:     LinkedIn inviation notificaltion.
   
LinkedIn
This is a note that on May 2, Lewis Padilla sent you an invitation to join their professional network at LinkedIn.
Accept Lewis Padilla Invitation
   
On May 2, Lewis Padilla wrote:

> To: [redacted]
>
> I’d like to join you to my professional network on LinkedIn.
>
> Lewis Padilla    
   
You are receiving Reminder emails for pending invitations. Unsubscribe.
C 2013 LinkedIn Corporation. 2029 Stierlin Ct, Mountain View, CA 94043, USA. 
The malicious payload is at [donotclick]guessworkcontentprotect.biz/news/pattern-brother.php (report here) hosted on:
82.236.38.147 (PROXAD Free SAS, France)
83.212.110.172 (Greek Research and Technology Network, Greece)
130.239.163.24 (Umea University, Sweden)
203.190.36.201 (Kementerian Pertanian, Indonesia)

Blocklist:
82.236.38.147
83.212.110.172
130.239.163.24
203.190.36.201
app-smart-system.com
contonskovkiys.ru
curilkofskie.ru
egetraktovony.ru
exrexycheck.ru
fenvid.com
frustrationpostcards.biz
gangrenablin.ru
gatareykahera.ru
guessworkcontentprotect.biz
janefgort.net
klosotro9.net
miniscule.pl
mortolkr4.com
peertag.com
priorityclub.pl
smartsecurity-app.com
zonebar.net

Leave a reply


Categories

SATURDAY, NOVEMBER 18, 2017

Featured

Archives

Latest Comments

Social Networks