Bogus LinkedIn E-mails Launched by Cybercriminals
According to security experts at the security lab M86, a new series of fake e-mails posing as LinkedIn invitations is currently targeting LinkedIn users on the internet.
The fake e-mail messages come with a subject line of "[Name] at [Company] wants to connect on LinkedIn" and have copied headers to give the impression that they come from a @linkedin.com e-mail address.
It appears that the attackers used an authentic LinkedIn e-mail template and substituted the target link of the confirmation button. The text of the fake e-mail message is LinkedIn's default "I'd (sender of the e-mail) like to add you (receivers) to the professional network on LinkedIn" phrase.
Nevertheless, the spam artists did overlook a few details. For instance, the name in the subject doesn't match the one mentioned in the message.
According to the security researchers at M86, the confirmation button directs users to a malware-ridden webpage on the domain salesforceappi.com [with a double p].
Notably, the genuine salesforceapi.com [single p] belongs to CRM (customer relationship management) and cloud computing vendor Salesforce and is used for details regarding its API (Application Programming Interface).
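The two tell-tale signs described above (a subject name that differs from the name in the message, and a link domain one character away from a genuine one) can be checked mechanically. The following is an added example, not code from M86 or SPAMfighter; the sample message, the "- Name" sign-off line, the sender address, the URL path and the distance threshold of 2 are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: domains a mail filter expects to see in this kind of message.
KNOWN_DOMAINS = {"linkedin.com", "salesforceapi.com"}

# Constructed sample message; names, sender address and URL path are invented.
SAMPLE = """From: invitations@linkedin.com
Subject: Alice Example at Example Corp wants to connect on LinkedIn

I'd like to add you to the professional network on LinkedIn.
- Bob Sample
<a href="http://salesforceappi.com/constructed-path">Confirm</a>
"""

def edit_distance(a, b):
    """Levenshtein distance using a single-row dynamic programme."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def registered_domain(host):
    # Simplification: last two labels; a real filter would use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_invitation(raw):
    """Return a list of findings for one raw, single-part message."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    findings = []
    # Indicator 1: the name in the subject differs from the name signing the body.
    subj = re.match(r"(.+?) at .+ wants to connect on LinkedIn", msg["Subject"] or "")
    sign = re.search(r"^- (.+)$", body, re.M)
    if subj and sign and subj.group(1).strip() != sign.group(1).strip():
        findings.append(f"name mismatch: {subj.group(1)!r} vs {sign.group(1)!r}")
    # Indicator 2: a link domain that is a near miss of a known domain.
    for url in re.findall(r'href="([^"]+)"', body):
        dom = registered_domain(urlparse(url).hostname or "")
        if dom in KNOWN_DOMAINS:
            continue  # exact match with an expected domain, nothing to flag
        for good in KNOWN_DOMAINS:
            if edit_distance(dom, good) <= 2:
                findings.append(f"lookalike domain: {dom} resembles {good}")
    return findings
```

Calling `check_invitation(SAMPLE)` returns both findings for the constructed message; a message whose names agree and whose link points at an expected domain returns an empty list.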
Commenting on the matter, security experts at M86 stated that the fake link salesforceappi[dot]com directs to a server harboring an exploit kit, which automatically tries to download malware onto the user's machine by making use of one of a number of 'canned' exploits targeting known vulnerabilities, as reported by M86 Security on June 3, 2011.
M86 highlighted that, after some inquiry, they identified the exploit kit as the Blackhole kit and found a few notable statistics: the rate of successful malware 'loads' was 17.55%, with successful loads against the majority of web browsers. Internet Explorer led with a 28.25% share of loads, and Java exploits accounted for 80% of the successful loads. PDF exploits held a further 12% share.
The security company concluded by saying that the moral of the attack discussed above is that users should update their security software frequently, nearly all the time, especially Java and PDF readers.
Additionally, the attack described above emerged just a few days after security company Trusteer disclosed (in the first week of June 2011) that it had identified a new malicious campaign attacking users of the popular website LinkedIn.
» SPAMfighter News - 15-06-2011