Reported a couple of days ago by various security sites including Krebs:

A major new malware spam campaign mimicking invites sent via business networking site LinkedIn.com leverages user trust and a kitchen sink of browser exploits in a bid to install the password-stealing ZeuS Trojan.
The spam campaign began Monday morning, according to security experts at networking giant Cisco Systems, and for a while the fake LinkedIn invitations accounted for as much as 24 percent of all spam. Recipients who click links in the message are taken to a Web page that reads, “Please Waiting, 4 seconds,” and then sent on to Google.com.

On the way to Google, however, the victim’s browser is silently passed through a site equipped with what appears to be the SEO Exploit Pack, a commercial crimeware kit that tries to exploit more than a dozen browser vulnerabilities in an attempt to install ZeuS.




On 9/30/2010 8:47 AM, Moody, Michael D wrote:
[log in to unmask]" type="cite">

It appears that messages that are purportedly from LinkedIn Communications are being received by some UVMers.  The subject, today, is “LinkedIn Messages, 9/30/2010.”  Hovering over the message links shows that the destination is anything but LinkedIn.  Has there been other reports of this spoofing attempt?

 

Michael Moody