Print

Print


Reported a couple of days ago by various security sites including Krebs 
<http://krebsonsecurity.com/2010/09/fake-linkedin-invite-leads-to-zeus-trojan/>:

> A major new malware spam campaign mimicking invites sent via business 
> networking site *LinkedIn.com *leverages user trust and a kitchen sink 
> of browser exploits in a bid to install the password-stealing *ZeuS 
> Trojan*.
> The spam campaign began Monday morning, according to security experts 
> at networking giant *Cisco Systems*, and for a while the fake LinkedIn 
> invitations accounted for as much as 24 percent of all spam. 
> Recipients who click links in the message are taken to a Web page that 
> reads, "Please Waiting, 4 seconds," and then sent on to Google.com.
>
> On the way to Google, however, the victim's browser is silently passed 
> through a site equipped with what appears to be 
> <http://webcache.googleusercontent.com/search?q=cache:kzZxBFCenh4J:viralerts.com/%3Ftag%3Dcountry+borlakas.info+exploit+pack&cd=1&hl=en&ct=clnk&gl=us&client=firefox-a> 
> the SEO Exploit Pack 
> <http://www.ipolicynetworks.com/technology/files/Seo_Sploit_Kit.html>, 
> a commercial crimeware kit that tries to exploit more than a dozen 
> browser vulnerabilities in an attempt to install ZeuS 
> <http://www.avertlabs.com/research/blog/index.php/2010/09/20/zeus-crimeware-toolkit/>.
>



On 9/30/2010 8:47 AM, Moody, Michael D wrote:
>
> It appears that messages that are purportedly from LinkedIn 
> Communications are being received by some UVMers.  The subject, today, 
> is "LinkedIn Messages, 9/30/2010."  Hovering over the message links 
> shows that the destination is anything but LinkedIn.  Has there been 
> other reports of this spoofing attempt?
>
>  
>
> Michael Moody
>