Another slew of spam claiming to originate from LinkedIn has hit the wild Internet in less than 24 hours, according to the real-time recording and tracking of email threats by our researchers in the AV Labs.
The malicious spam, this time, poses a question and then gives a less-than-stellar answer to it, one that criminals are counting on recipients to simply accept and believe. Well, we had better not take their word for it.
Here’s what the email looks like:
From: {bogus email address}
To: {random}
Subject: Join my network on LinkedIn
Message body:
{redacted} has indicated you are a Friend
I’d like to add you to my professional network on LinkedIn.
[Allow button] View invitation from {redacted}
WHY MIGHT CONNECTING WITH {redacted} BE A GOOD IDEA?
{redacted} connections could be useful to you
After accepting {redacted} invitation, check {redacted} connections to see who else you may know and who you might want an introduction to. Building these connections can create opportunities in the future.
Clicking the Allow button or the link on the message body directs users to several Web pages of compromised sites, which all look like this:
This page, laced with Blackhole Exploit Kit code, then auto-redirects users to a Russian website where the Cridex info-stealer payload can be downloaded.
Like we’ve said before, when in doubt, users should simply visit their LinkedIn pages and check their profile mailbox for invites.
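The same check can be automated at a mail gateway. The following is an added example, not code from the original post: it flags a message that presents itself as LinkedIn while its links point to other hosts. The sample message, its hostnames and the `TRUSTED` list are constructed assumptions.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("linkedin.com",)  # assumption: domains the brand legitimately links to

class LinkCollector(HTMLParser):
    """Collect the href of every anchor tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def is_trusted(host):
    # Accept the exact domain or a true subdomain only, so a lookalike
    # such as "linkedin.com.example.net" is rejected.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def suspicious_links(raw_message):
    """Return off-domain link hosts in a message that claims to be LinkedIn."""
    msg = message_from_string(raw_message)
    body = "".join(
        part.get_payload(decode=True).decode(errors="replace")
        for part in msg.walk() if part.get_content_type() == "text/html")
    if "linkedin" not in (msg.get("Subject", "") + body).lower():
        return []  # message does not use the brand; out of scope here
    collector = LinkCollector()
    collector.feed(body)
    urls = [urlsplit(h) for h in collector.hrefs]
    return [u.hostname for u in urls
            if u.scheme in ("http", "https") and not is_trusted(u.hostname)]

# Constructed sample modelled on the email layout shown above.
SAMPLE = (
    "From: invitations@sender.example\n"
    "Subject: Join my network on LinkedIn\n"
    "Content-Type: text/html\n"
    "\n"
    '<a href="http://compromised.example/inv.html">Allow</a>\n'
    '<a href="http://linkedin.com.example.net/x">View invitation</a>\n'
    '<a href="https://www.linkedin.com/">LinkedIn</a>\n'
)

if __name__ == "__main__":
    print(suspicious_links(SAMPLE))
```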
Jovi Umawing (Thanks to the GFI Labs team)