Spoofed LinkedIn Messages Serving BlackHole Exploit

Monday, March 19, 2012



Users of the business-related social network LinkedIn have reported receiving email notifications that are tainted with a malicious link intended to infect the targeted recipient's computer.

The operation was identified by researchers at security provider GFI Labs, and documented on the company's blog.

"Be advised that there are fake LinkedIn invitation reminders in circulation sending users to a BlackHole exploit which attempts to drop Cridex onto the PC," writes GFI's Chris Boyd.

The Cridex malware is commonly utilized in spam-based attack operations, and the use of messages designed to look like LinkedIn notifications potentially makes this particular attack all the more effective, as users are accustomed to receiving numerous communications from the platform daily.

"Cridex is a rather nasty piece of work that does everything from target banks and social networking accounts to a little bit of CAPTCHA cracking," Boyd said.

GFI Labs provided a sample of one of the malicious notifications.



GFI recommends that LinkedIn users not act on such notifications directly from their email, and instead confirm a message's authenticity by checking whether it appears in their LinkedIn account inbox.

"This particular run shares the IP address 41(dot)64(dot)21(dot)71 with various BBB and Intuit spam runs from recent weeks. If in doubt, go directly to LinkedIn and check your invites from there," Boyd continued.

Source: http://www.gfi.com/blog/fake-linkedin-mails-lead-to-cridex/
