Attack Targets LinkedIn Users With Fake Contact Requests

wiredmikey writes "On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users. Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link. According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says 'PLEASE WAITING.... 4 SECONDS..' and then redirected to Google, appearing as if nothing has happened. During those four seconds, the site attempted to infect the victim's PC with the ZeuS Malware via a 'drive-by download' – something that requires little or no user interaction to infect a system."

NoScript FTW

[robot256]

NoScript FTW. Seriously.

Re:NoScript FTW

I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever. Worse than those software firewalls that prompt you to to allow/disallow traffic every 3 minutes.

Re:NoScript FTW

Yeah, belts are the same way, I can't stand how they always keep my pants *up* when they might fall down otherwise.

Re:NoScript FTW

[aekafan]

That is like saying that you don't understand how people can refuse to have sex with an AIDS infected whore. The internet is a very dangerous place without a lot of protection. A little inconvenience is a good trade off. I don't understand you can be on a place like Slashdot and not see this.

Re:NoScript FTW

[BitZtream]

NoScript is an absolute must have for anyone who knows what they are doing

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.

Re:NoScript FTW

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place

Exactly. NoScript is for the sort of person who visits LinkedIn.

Re:NoScript FTW

[MrSenile]

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.

As various ad sites that legitimate businesses use have had repeated reports of malware embedded in their flash, graphical, or other payloads, I wish you the best of luck, and promise not to say I told you so when you become one of the millions of zombies out there that help infect the rest of the world.

Sadly enough, it's people like you who tend to be the highest point of people who get infected. You know, the ones who say 'it won't be me'.

Arrogance tends to be the easiest weakness for virus attacks.

Re:NoScript FTW

[srodden]

Now who's feeling superior?

By limiting yourself to the 50 web sites produced by trusted large firms, you're missing out on 99%+ of the internet. It's like listening to Clear Channel but only on the timeslots where the particular DJ comes personally recommended to you by a Justice of the Peace. Then again, some trusted firms are known for doing not-entirely-squeaky-clean things too. Sony rootkit anyone?

Do you also forego antivirus on you computer on the grounds that you only visit non-shitty websites and you're smart enough to not open attachments?

Life is full of uncertainty. To say that you'll never visit a shitty site is like saying you'll never walk down a street where you'll get mugged or you'll never sleep with a person that has an STD. Street lights, mace, vaccine and condoms are parts of a broad set of tools that we have to protect our person in meatspace. Tools like a decent browser, antivirus, firewall and script blocker are just parts of a broad set of tools that we have to protect us in cyberspace.

After 20 years in computing, I like to think that I'm one of the people "that know what they're doing" but never the less, I practice safe computing. I've never been hit by a virus or identity theft to the best of my knowledge. Is that because of my good habits or my precautions? I don't know but I don't claim to be perfect so I'm glad I have these helper apps.

Re:NoScript FTW

[oldspewey]

Maybe I'm an anomaly, but I actually refuse to click tinyurl links.

Re:NoScript FTW

[daveime]

Yes, because the LAST thing you'd want advertisements to target is SOMETHING YOU'RE ACTUALLY INTERESTED IN !

Much better everyone gets to punch the monkey !

Seriously, what is your problem with targeted ads ?

When you go into the same bar every day, the barman gets to know your usual tipple, and will often greet you with "Hello mate, the usual ?". You don't punch the fucker out shouting "stop invading my privacy with your tracking mechanisms".

Oh wait, a bar is outside the safety of the basement isn't it ?

It's 2010. Why are browsers not properly sandboxed

Why do these "drive by download" vulnerabilities exists? Web browsers should be sandboxed to disallow execution of malicious code. Clicking on a hyperlink should just not execute code that runs outside of the browser sandbox. That's jus

Is there a real exploit here?

[gad_zuki!]

Or is another "Download gdggdsf.exe" and moronic users click on Run?

So far I've only see "drive by download" which is 100% meaningless. Would it kill them to tell us what exploit, if any is being used?

Execute the Bastards

[Nom+du+Keyboard]

I'm ready to execute all malware writers. Put them up against the wall and remove the problem forever. They contribute absolutely nothing of use to society.

Don't use Windows

[kelsey.grammer]

Problem solved.

Re:Don't use Windows

Thanks for your useful and astute knowledge of the situation. Everybody should just drop their operating system and use a different one, because nobody relies on certain features of that OS or software exclusive to it. You've really done us all a favor.