We are currently seeing a malicious spam campaign purporting to be a notification from LinkedIn. The messages look realistic, but the giveaway is the bogus link exposed when you hover over the confirm button.
The bogus link salesforceappi[dot]com leads off to a server hosting an exploit kit, which automatically attempts to load malware onto the victim’s computer by using one of a number of ‘canned’ exploits targeting known vulnerabilities.
The campaign is very similar to one we saw last September, also using LinkedIn and also leading to an Exploit Kit. Real notifications from these sorts of social networking sites are commonplace and the bad guys are preying on this. Remember, just because it looks legit, doesn’t mean it is.
Leave a reply