bill-swift - June 20, 2012
The social network for professionals, LinkedIn, is apparently the flavor of the month for cyber criminals all over the world. After having close to 6.5 million password hashes of its users leaked last week, a new spam campaign that's still targeting users of the site has been discovered.
Researchers from PandaLabs intercepted an email that was inviting the recipient to check his or her inbox on LinkedIn. Apparently, 10 new messages were waiting to be read, and if you're active on the social network, then you'll probably click on the link to 'view your inbox' without any second thoughts.
That's what the spammers want you to do anyway, so they can load an exploit and plant malware on your device. As for what happens next:
In some cases, your browser will crash. In other cases, the page will just appear to sit there and nothing happens. In unfortunate cases, the exploit will begin doing its work. As said before, a mixed flavor of Adobe and Java exploits are used.
-- Bart Parys, security researcher at PandaLabs
Seems like a lot of malware for just one link, don't you think? Once the malware is installed, it will try to phone or connect with pre-programmed numbers or IP addresses and download more malware. The cyber criminals can also use the connection to send further instructions, so they can make your computer part of a botnet.
First things first: check email messages you get before clicking on any links in them, even if they seem legitimate. It's better to be safe than sorry. Next, make sure all of your current programs or apps have been patched, and keep your anti-virus program updated.