Missed JS/Exploit-Blacole.cx / fake LinkedIn spam leading to this malware via CVE-2011-3521 vuln, see: htxps://www.virustotal.com/file/d3af335637df9a1b29b9ed5e1cc0db6e60f313039ec758bfccfe0acebfb1e8d8/analysis/
see: htxp://zulu.zscaler.com/submission/show/e99c8ecf9c2b888f079a9ef0655ee90e-1338581545
IP address: 187.85.160.106, 184.106.200.65, 50.57.88.200, 50.57.43.49
Also found here that there was LinkedIn spam
So the payload is also here:
The payload is on immerialtv dot ru:8080/forum/showthread.php?page=5fa58bce769e5c2c hosted on the following IPs:
50.57.43.49 (Slicehost, US)
50.57.88.200 (Slicehost, US)
184.106.200.65 (Slicehost, US)
187.85.160.106 (Ksys Soluções Web, Brazil)
See this address for our find
Plain list for copy-and-pasting:
50.57.43.49
50.57.88.200
184.106.200.65
187.85.160.106
All this reported to virus AT avast dot com
polonus