LinkedIn Notifications Employed to Serve Malware
Cyber crooks are once again targeting users of the social networking website LinkedIn with fake invitations and messages, according to Internet security firm Commtouch.
LinkedIn reminders often carry several variables, including names, relationships, and the number of messages awaiting a response. The spoofed messages appear to come from legitimate sources and carry the authentic logo and format, which makes them hard to identify at first sight.
Researchers also reported that on clicking the notification link, users are directed to an authentic-looking notification page, where malicious scripts target Adobe's Reader and Acrobat applications and the Microsoft Windows Help and Support Center in Windows XP.
The infected site entices users with an offer of ornamental plants from a Brazilian company, but in actuality the site holds malware.
According to Avi Turiel, Director of Product Marketing at Commtouch, the malware is quite challenging. However, a major issue linked with these phony invitations is that they create suspicion in the minds of users, who then often look at genuine invitations with a sense of doubt, as per news on Infosecurity on April 20, 2012.
This attack is certainly not the first against LinkedIn users: in March 2012, GFI Labs reported a similar operation of faux LinkedIn notifications combined with malicious links. The intention behind that operation was to infect the targeted user's computer with Cridex malware, which is normally used in spam-based attack operations.
Though hovering the mouse cursor over the URL is enough to reveal that a link is fake, there still remain many people who, on seeing the LinkedIn branding, click on it thinking it to be legitimate. The more shocking part is that these people visit these sites and end up making purchases. Thus, spammers take advantage of innocent users and carry on with their operation of fooling people, as per GFI researcher Sue Wash's claims published in Infosecurity on April 20, 2012.
However, security experts recommend a general rule of thumb by which users can verify the legitimacy of an email: only if a message also arrives in the inbox of the LinkedIn account should a user go forward and check it.
» SPAMfighter News - 28-04-2012