The Latest in IT Security

LinkedIn spam / 199.115.229.55

26 Apr 2012

This LinkedIn spam leads to malware on 199.115.229.55 after bouncing through a couple of legitimate hacked sites, a technique that we haven’t seen for a couple of weeks.

Subject: Signal LinkedIn Mail

LinkedIn
REMINDERS

Invitation reminders:
•  From Scott Burwell (Product Director at SNCF)

PENDING MESSAGES

• There are a total of 44 messages awaiting your response. Visit your InBox now.

Don’t want to receive email notifications? Adjust your message settings.

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. © 2012, LinkedIn Corporation.

The malware is on 199.115.229.55/showthread.php?t=977334ca118fcb8c (report here) hosted by Volumedrive in the US, which subsequently tries to download further malware from electrosa.com/8zvW2XE.exe (a site that has been used a lot in recent days). That domain and IP are worth blocking.
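To check whether any internal client already followed this chain, the added example below (not part of the original post) scans web proxy logs for the IP and domain named above and ranks clients by how far they got. The log format, the client addresses and the sample lines are constructed assumptions; only the two indicators come from the post.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the post above.
BLOCKED_IPS = {"199.115.229.55"}      # first stage: the showthread.php page
BLOCKED_DOMAINS = {"electrosa.com"}   # second stage: the follow-up .exe download

# Constructed sample proxy log (timestamp, client, method, URL); not real traffic.
SAMPLE_LOG = """\
2012-04-26T09:14:02Z 10.0.0.21 GET http://199.115.229.55/showthread.php?t=977334ca118fcb8c
2012-04-26T09:14:05Z 10.0.0.21 GET http://electrosa.com/8zvW2XE.exe
2012-04-26T09:15:40Z 10.0.0.34 GET http://www.linkedin.com/inbox/
2012-04-26T09:16:11Z 10.0.0.57 GET http://199.115.229.55/showthread.php?t=977334ca118fcb8c
2012-04-26T09:17:30Z 10.0.0.34 GET http://notelectrosa.com.example/index.html
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")

def classify(url):
    """Return 'landing', 'payload' or None for a requested URL."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    if host in BLOCKED_IPS:
        return "landing"
    # Match the domain and its subdomains, but not look-alike suffixes.
    if any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS):
        return "payload"
    return None

def triage(log_text):
    """Map each client to the set of stages it reached."""
    stages = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed format
        _ts, client, _method, url = m.groups()
        stage = classify(url)
        if stage:
            stages.setdefault(client, set()).add(stage)
    return stages

def priority(stages):
    """Clients that requested the second-stage download sort first."""
    return sorted(stages, key=lambda c: ("payload" not in stages[c], c))

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for client in priority(result):
        print(client, sorted(result[client]))
```

A client that shows only the landing stage may have been stopped by a block on the second request, so it still warrants a look at the endpoint.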
