Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attack Targets LinkedIn Users With Fake Contact Requests

Posted by Soulskill on from the hello-sir-madam dept.

wiredmikey writes "On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users. Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link. According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says 'PLEASE WAITING.... 4 SECONDS..' and then redirected to Google, appearing as if nothing has happened. During those four seconds, the site attempted to infect the victim's PC with the ZeuS Malware via a 'drive-by download' – something that requires little or no user interaction to infect a system."

23 of 122 comments (clear)

  1. NoScript FTW by robot256 · · Score: 4, Insightful

    NoScript FTW. Seriously.

    1. Re:NoScript FTW by Anonymous Coward · · Score: 2, Insightful

      I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever. Worse than those software firewalls that prompt you to to allow/disallow traffic every 3 minutes.

    2. Re:NoScript FTW by Anonymous Coward · · Score: 3, Insightful

      Yeah, belts are the same way, I can't stand how they always keep my pants *up* when they might fall down otherwise.

    3. Re:NoScript FTW by aekafan · · Score: 4, Insightful

      That is like saying that you don't understand how people can refuse to have sex with an AIDS infected whore. The internet is a very dangerous place without a lot of protection. A little inconvenience is a good trade off. I don't understand you can be on a place like Slashdot and not see this.

    4. Re:NoScript FTW by HelloKitty2 · · Score: 2, Informative

      It can be a-bit annoying as some sites stuff their pages with js from different sources so you're not sure which you must allow for the video to start playing etc.. But most of the time you end up visiting sites that you've already allowed and the rest of the 90% of the time you don't want to add an allow rule. I've been using it for a long time.

      The obnoxious part must be the default setup, maybe people don't know that you're supposed to hide that bar that pops up on each site saying that it has blocked js, and only use the small icon at the corner of the window to allow/disallow, this is just another case of a developer that doesn't give a s***t about fixing annoyances.

    5. Re:NoScript FTW by Abcd1234 · · Score: 2, Informative

      Eh, it works fine for me. Enable second-level domain scripts, and explicitly allow a few others (disqus, Google (a lot of people use their copies of jquery, etc), and a few others), and it works pretty well for the most part. Yeah, you occasionally come across a site that you have to "temporarily allow" a bunch of stuff to get it working, but those are the exception, IME.

    6. Re:NoScript FTW by Anonymous Coward · · Score: 2, Funny

      I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever. Worse than those software firewalls that prompt you to to allow/disallow traffic every 3 minutes.

      It's not just that; I tried it for a few days, but couldn't figure out where the setting was to disable the "become a smug self-important jackass who has to constantly brag about NoScript in every possible online venue" mode. Since I have this attachment to my dignity and don't go clicking links from random people (and frequently not even from trusted people), I uninstalled it.

    7. Re:NoScript FTW by bhcompy · · Score: 4, Informative

      Slashdot uses doubleclick.net, NoScript blocks that inherently. Thus, no one is tracking my habits without having to modify anything and I don't have to worry about completely disabling cookies so I don't need to re-login to every website I peruse.

      And that doesn't mention the XSS protection

    8. Re:NoScript FTW by pixelpusher220 · · Score: 3, Informative

      lets see the rankings:

      1. noob
      2. user
      3. 'expert' who *knows* they won't get busted
      4. actual expert who knows that any precaution is not fool proof and it's best not to proclaim how much better they are than others.

      See the bold mirror moron

      --
      People in cars cause accidents....accidents in cars cause people :-D
    9. Re:NoScript FTW by MrSenile · · Score: 5, Insightful

      Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.

      As various ad sites that legitimate businesses use have had repeated reports of malware embedded in their flash, graphical, or other payloads, I wish you the best of luck, and promise not to say I told you so when you become one of the millions of zombies out there that help infect the rest of the world.

      Sadly enough, it's people like you who tend to be the highest point of people who get infected. You know, the ones who say 'it won't be me'.

      Arrogance tends to be the easiest weakness for virus attacks.

    10. Re:NoScript FTW by srodden · · Score: 2, Insightful

      Now who's feeling superior?

      By limiting yourself to the 50 web sites produced by trusted large firms, you're missing out on 99%+ of the internet. It's like listening to Clear Channel but only on the timeslots where the particular DJ comes personally recommended to you by a Justice of the Peace. Then again, some trusted firms are known for doing not-entirely-squeaky-clean things too. Sony rootkit anyone?

      Do you also forego antivirus on you computer on the grounds that you only visit non-shitty websites and you're smart enough to not open attachments?

      Life is full of uncertainty. To say that you'll never visit a shitty site is like saying you'll never walk down a street where you'll get mugged or you'll never sleep with a person that has an STD. Street lights, mace, vaccine and condoms are parts of a broad set of tools that we have to protect our person in meatspace. Tools like a decent browser, antivirus, firewall and script blocker are just parts of a broad set of tools that we have to protect us in cyberspace.

      After 20 years in computing, I like to think that I'm one of the people "that know what they're doing" but never the less, I practice safe computing. I've never been hit by a virus or identity theft to the best of my knowledge. Is that because of my good habits or my precautions? I don't know but I don't claim to be perfect so I'm glad I have these helper apps.

      --
      Why can't we let people believe whatever they like? It's not like a little religion has ever hurt anyone.
    11. Re:NoScript FTW by oldspewey · · Score: 2, Insightful

      Maybe I'm an anomaly, but I actually refuse to click tinyurl links.

      --
      If libertarians are so opposed to effective government, why don't they all move to Somalia?
    12. Re:NoScript FTW by daveime · · Score: 2, Insightful

      Yes, because the LAST thing you'd want advertisements to target is SOMETHING YOU'RE ACTUALLY INTERESTED IN !

      Much better everyone gets to punch the monkey !

      Seriously, what is your problem with targeted ads ?

      When you go into the same bar every day, the barman gets to know your usual tipple, and will often greet you with "Hello mate, the usual ?". You don't punch the fucker out shouting "stop invading my privacy with your tracking mechanisms".

      Oh wait, a bar is outside the safety of the basement isn't it ?

  2. LinkedIn spam - but I repeat myself by wowbagger · · Score: 4, Funny

    " sending massive volumes of spam email messages targeting LinkedIn users."

    To paraphrase Mark Twain:

    Imagine you receive a message from LinkedIn. And imagine that it is spam. But I repeat myself.

    --
    www.eFax.com are spammers
  3. Linkedin are just spammers anyway. by schon · · Score: 4, Informative

    Linkedin are just a bunch of spammers anyway.

    I got an email from them, claiming that someone I knew wanted me to join. It was a spammer - the "custom message" that was included was a single link to a spam site in China.

    The email had a "if this is spam..." report button, so I used it, and noted to linkedin that I didn't know the person, and it was *obviously* spam (the link was to a spam site.) Their automated system thanked me for reporting the abuse, and I thought that was the end of it.

    Two weeks later, I receive a "helpful reminder" from Linkedin, telling me that I hadn't confirmed or rejected the invitation. Not only had they not taken any action, they helpfully included the spam link, and seemed blissfully unaware that I had reported this spammer's account two weeks prior.

    Linkedin are just a bunch of scummy spammers. I blocked all email from their domain since.

    1. Re:Linkedin are just spammers anyway. by BitZtream · · Score: 5, Informative

      I blocked all email from their domain since.

      You do realize this current round isn't actually coming from LinkedIn right? Nor does it actually link back to their website?

      Ban their domains 18 ways to sunday, you'll still get the messages.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  4. Started before monday, today is the netflix spam by BitZtream · · Score: 3, Informative

    LinkedIn spamming started before today, I know as we've got several from last week.

    Today we started getting the netflix emails about 'lost in mail' disks for movies that haven't been requested and/or to users without netflix accounts.

    Way to notice whats going on guys.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  5. Is there a real exploit here? by gad_zuki! · · Score: 4, Insightful

    Or is another "Download gdggdsf.exe" and moronic users click on Run?

    So far I've only see "drive by download" which is 100% meaningless. Would it kill them to tell us what exploit, if any is being used?

  6. I get thousands of these by MichaelSmith · · Score: 2, Interesting

    ...but I don't think the have anything to do with my non-neglected linkedin account. Its just normal phishing.

    What I did get yesterday was a telephone spam phishing attempt. They called told me they had detected malware from my system and tried to get me to load a remote administration tool from their web site. Take a look at the language on that site "Blue Screen To Death Error", etc. Its hilarious.

    --
    http://michaelsmith.id.au
  7. Execute the Bastards by Nom+du+Keyboard · · Score: 4, Insightful

    I'm ready to execute all malware writers. Put them up against the wall and remove the problem forever. They contribute absolutely nothing of use to society.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
  8. Re:No kidding by GIL_Dude · · Score: 2, Interesting

    Actually only some of the exploits in Acrobat Reader have been patched. According to the latest security bulletin from Adobe, reader 9.3.4 has critical vulnerabilities and they will release a patch the week of Oct. 4th. So unfortunately you can still get hit with certain Reader/PDF exploits by visiting a site.

  9. Don't use Windows by kelsey.grammer · · Score: 2, Insightful

    Problem solved.

    --
    I reflect your pompous signature back upon you.
  10. PLEASE take linkedin.com SPF out of softfail mode by Linux_ho · · Score: 2, Interesting

    Changing one tilde to a dash would solve this problem for 90% or more of the phishing targets.

    $ dig txt linkedin.com

    ;; ANSWER SECTION:
    linkedin.com.        21600    IN    TXT    "v=spf1 ip4:70.42.142.0/24 ip4:208.111.172.0/24 ip4:64.74.220.0/24 ip4:64.74.221.0/26 ip4:64.71.153.211 ip4:64.74.221.30 ip4:69.28.149.0/24 ip4:208.111.169.128/26 ip4:64.74.98.128/26 ip4:64.74.98.16/29 mx ~all"

    --
    include $sig;
    1;