GFI Software Uncovers Phony LinkedIn E-mails
GFI Software the security research company recently alerted Web-surfers to fake e-mails posing as communications from LinkedIn the business networking website that while circulating online were presently targeting the site's members.
Using an attention-drawing caption "LinkedIn Reminder," the bogus electronic mails have their sender's address concealed, the security company points out.
Moreover, the text of the message seems to remind the recipient that he has one e-mail still unread following which an embedded web-link named "Visit your inbox now" is provided, GFI outlines.
Additionally, according to the e-mail, users who do not wish to get notices via e-mail may change their message settings accordingly. This as well is hyperlinked.
Amazingly, the bogus electronic mail even tries to sound lawful and genuine so it seemingly assures the recipient that LinkedIn is very concerned about his privacy; d therefore it has never provided anybody else on the website his e-mail id devoid of his consent, GFI's security researchers observe.
But, talking further about the attack, the laboratory at GFI stated that if anyone were to follow the e-mail's web-links he would be taken onto one BlackHole attack code, which would install a malicious program on his computer. Gmanetwork.com published this on March 7, 2012.
The malicious program, according to GFI Labs is the Cridex Trojan that harms in many ways ranging from stealing social networking and online banking credentials to cracking the Completely Automated Public Turing-test to tell Computers and Humans Apart (CAPTCHA) system.
The security company further stated that the Internet Protocol addresses, which associated with the LinkedIn e-mail scam, looked exactly like those associated with the earlier Intuit and Better Business Bureau e-mail scams of recent weeks.
It, however, advised that incase any LinkedIn member suspected a LinkedIn-originated e-mail as false then he must visit the website directly for confirming his invites on the site itself.
Eventually, in a likewise assault targeting LinkedIn, Trusteer another security company, during June 2011, discovered fake e-mails that feigned as being sent from LinkedIn. For, if recipients followed those messages' web-link, expecting to get connected with somebody, they actually got diverted onto a malware-delivering server that was based in Russia.
Related article: GPU Processes Fast to Crack Passwords
» SPAMfighter News - 24-03-2012