The Latest in IT Security

LinkedIn spam / 50.116.23.176 and 64.244.61.40

27
Apr
2012

Another LinkedIn spam leading to malware, this time on 50.116.23.176 and 64.244.61.40:

Date:      Fri, 27 Apr 2012 16:19:17 +0800
From:      “LinkedIn reminder” [[email protected]]
Subject:      LInkedin pending messages

LinkedIn
REMINDERS

Invitation reminders:
• From Scott Burwell (Colleague at Nortel)

PENDING MESSAGES

• There are a total of 50 messages awaiting your response. Visit your InBox now.

Don’t want to receive email notifications? Adjust your message settings.

LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user without your permission. © 2010, LinkedIn Corporation.

The malicious payload is on 50.116.23.176/showthread.php?t=9d77a9163cda8dbe (report here) hosted by Linode in the US. There is a subsequent download attempted from 64.244.61.40/rUPYeVt0.exe which appears to be a legitimate hacked server belonging to cheekyshare.com.

Related posts:
  1. LinkedIn Spam / springrheumatology.net
  2. “LinkedIn Invitation from your co-worker” spam / slickcurve.com and bluecellular.com
  3. LinkedIn Spam / prospero-marketing.net
  4. “LinkedIn Invitation from your colleague” spam / closteage.com
  5. LinkedIn spam / 199.115.229.55

Tags:  
Written by Dynamoo's Blog
0 Comments

Leave a reply


Categories

TUESDAY, APRIL 16, 2024
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments