Fake LinkedIn Notifications Serving Up Malware

Friday, April 20, 2012



Security provider Commtouch is reporting a spate of bogus LinkedIn email notifications that lead unsuspecting users to be infected with malware.

The spoofed notifications look to be legitimate, sporting the LinkedIn logo and a format familiar to members of the business networking platform, making the operation difficult to detect at a glance.

"The LinkedIn reminders that are included in the attack include several variables such as names, relationships, and the number of messages awaiting response.  As usual the giveaway that something strange is occurring is the link," wrote Commtouch's Avi Turiel.

An example of the rogue message as provided by Commtouch is as follows:

Turiel reports that if a user clicks on the notification link, they are directed to a generic looking notification page while malicious scripts are executed to exploit known vulnerabiltities in Adobe's Reader and Acrobat applications.

Compare the bogus notification to a legitimate one here:

“Of course the malware is hugely problematic – but another issue emerges from all of these phony LinkedIn invitations – they cause malware-aware users to be suspicious about genuine invitations," Turiel noted.

Last month researchers at security provider GFI Labs reported a similar campaign of faux LinkedIn notifications tainted with a malicious link intended to infect the targeted recipient's computer with the Cridex malware, commonly utilized in spam-based attack operations.

As a general rule of thumb, LinkedIn users should not engage such notifications directly from their email, but instead should confirm the message's authenticity by seeing if the message appears in their LinkedIn account inbox.

Source: http://blog.commtouch.com/cafe/email-security-news/phony-linkedin-reminders-help-users-connect-with-malware-2/

Possibly Related Articles:
Viruses & Malware
SPAM malware Attack Social Engineering Social Media Headlines LinkedIn Malicious URL Commtouch
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.