Phony LinkedIn invitations are not a new phenomenon. What tends to change is the underlying delivery method used for the malware distribution – In this case compromised websites that unknowingly host malicious scripts. The LinkedIn reminders that are included in the attack include several variables such as names, relationships, and the number of messages awaiting response. As usual the giveaway that something strange is occurring is the link (see after mouseover).
Recipients that click on the link reach a rather bland looking “notification” page that provides no further links or instructions.
In the background, several scripts seek out software with vulnerabilities that can be exploited including:
- Adobe reader and Acrobat: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0188
- Microsoft Windows Help and Support Center in Windows XP: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1885
The fully functional host website is shown below.
Of course the malware is hugely problematic – but another issue emerges from all of these phony LinkedIn invitations – they cause malware-aware users to be suspicious about genuine invitations! Following the outbreak described above, I nearly deleted this actual invitation to connect..
Leave a reply