Slashdot Mirror
Attack Targets LinkedIn Users With Fake Contact Requests
wiredmikey writes "On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users. Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link. According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says 'PLEASE WAITING.... 4 SECONDS..' and then redirected to Google, appearing as if nothing has happened. During those four seconds, the site attempted to infect the victim's PC with the ZeuS Malware via a 'drive-by download' – something that requires little or no user interaction to infect a system."
...but I don't think the have anything to do with my non-neglected linkedin account. Its just normal phishing.
What I did get yesterday was a telephone spam phishing attempt. They called told me they had detected malware from my system and tried to get me to load a remote administration tool from their web site. Take a look at the language on that site "Blue Screen To Death Error", etc. Its hilarious.
http://michaelsmith.id.au
Actually only some of the exploits in Acrobat Reader have been patched. According to the latest security bulletin from Adobe, reader 9.3.4 has critical vulnerabilities and they will release a patch the week of Oct. 4th. So unfortunately you can still get hit with certain Reader/PDF exploits by visiting a site.
Changing one tilde to a dash would solve this problem for 90% or more of the phishing targets.
$ dig txt linkedin.com
;; ANSWER SECTION:
linkedin.com. 21600 IN TXT "v=spf1 ip4:70.42.142.0/24 ip4:208.111.172.0/24 ip4:64.74.220.0/24 ip4:64.74.221.0/26 ip4:64.71.153.211 ip4:64.74.221.30 ip4:69.28.149.0/24 ip4:208.111.169.128/26 ip4:64.74.98.128/26 ip4:64.74.98.16/29 mx ~all"
include $sig;
1;