LinkedIn "Meeting Docs"
I just received this malware via LinkedIn. Upon quick inspection at CWSandbox (Sunbelt Software), this looks connected to padreim.ru. The file:
appears to exploit C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
hides itself in C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\TEMP\ as well as $tmp/doc~.dat
runs as C:\WINDOWS\system32\svrwsc.exe and numerous other service names
Just starting my analysis but wanted to get this out.
Sunbelt Software CWSandbox report
Virus Total Report