A major new malware spam campaign mimicking invites sent via business networking site LinkedIn.com leverages user trust and a kitchen sink of browser exploits in a bid to install the password-stealing ZeuS Trojan.
The spam campaign began Monday morning, according to security experts at networking giant Cisco Systems, and for a while the fake LinkedIn invitations accounted for as much as 24 percent of all spam. Recipients who click links in the message are taken to a Web page that reads, “Please Waiting, 4 seconds,” and then sent on to Google.com.
On the way to Google, however, the victim’s browser is silently passed through a site equipped with what appears to be the SEO Exploit Pack, a commercial crimeware kit that tries to exploit more than a dozen browser vulnerabilities in an attempt to install ZeuS.
[log in to unmask]" type="cite">
It appears that messages that are purportedly from LinkedIn Communications are being received by some UVMers. The subject, today, is “LinkedIn Messages, 9/30/2010.” Hovering over the message links shows that the destination is anything but LinkedIn. Has there been other reports of this spoofing attempt?