Attack Targets LinkedIn Users With Fake Contact Requests

wiredmikey writes "On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users. Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link. According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says 'PLEASE WAITING.... 4 SECONDS..' and then redirected to Google, appearing as if nothing has happened. During those four seconds, the site attempted to infect the victim's PC with the ZeuS Malware via a 'drive-by download' – something that requires little or no user interaction to infect a system."

NoScript FTW

[robot256]

NoScript FTW. Seriously.

Re:NoScript FTW

[aekafan]

That is like saying that you don't understand how people can refuse to have sex with an AIDS infected whore. The internet is a very dangerous place without a lot of protection. A little inconvenience is a good trade off. I don't understand you can be on a place like Slashdot and not see this.

Re:NoScript FTW

[bhcompy]

Slashdot uses doubleclick.net, NoScript blocks that inherently. Thus, no one is tracking my habits without having to modify anything and I don't have to worry about completely disabling cookies so I don't need to re-login to every website I peruse.

And that doesn't mention the XSS protection

Re:NoScript FTW

[MrSenile]

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.

As various ad sites that legitimate businesses use have had repeated reports of malware embedded in their flash, graphical, or other payloads, I wish you the best of luck, and promise not to say I told you so when you become one of the millions of zombies out there that help infect the rest of the world.

Sadly enough, it's people like you who tend to be the highest point of people who get infected. You know, the ones who say 'it won't be me'.

Arrogance tends to be the easiest weakness for virus attacks.

LinkedIn spam - but I repeat myself

[wowbagger]

" sending massive volumes of spam email messages targeting LinkedIn users."

To paraphrase Mark Twain:

Imagine you receive a message from LinkedIn. And imagine that it is spam. But I repeat myself.

Linkedin are just spammers anyway.

[schon]

Linkedin are just a bunch of spammers anyway.

I got an email from them, claiming that someone I knew wanted me to join. It was a spammer - the "custom message" that was included was a single link to a spam site in China.

The email had a "if this is spam..." report button, so I used it, and noted to linkedin that I didn't know the person, and it was *obviously* spam (the link was to a spam site.) Their automated system thanked me for reporting the abuse, and I thought that was the end of it.

Two weeks later, I receive a "helpful reminder" from Linkedin, telling me that I hadn't confirmed or rejected the invitation. Not only had they not taken any action, they helpfully included the spam link, and seemed blissfully unaware that I had reported this spammer's account two weeks prior.

Linkedin are just a bunch of scummy spammers. I blocked all email from their domain since.

Re:Linkedin are just spammers anyway.

[BitZtream]

I blocked all email from their domain since.

You do realize this current round isn't actually coming from LinkedIn right? Nor does it actually link back to their website?

Ban their domains 18 ways to sunday, you'll still get the messages.

Is there a real exploit here?

[gad_zuki!]

Or is another "Download gdggdsf.exe" and moronic users click on Run?

So far I've only see "drive by download" which is 100% meaningless. Would it kill them to tell us what exploit, if any is being used?

Execute the Bastards

[Nom+du+Keyboard]

I'm ready to execute all malware writers. Put them up against the wall and remove the problem forever. They contribute absolutely nothing of use to society.