Attack Targets LinkedIn Users With Fake Contact Requests 122
wiredmikey writes "On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users. Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link. According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says 'PLEASE WAITING.... 4 SECONDS..' and then redirected to Google, appearing as if nothing has happened. During those four seconds, the site attempted to infect the victim's PC with the ZeuS Malware via a 'drive-by download' – something that requires little or no user interaction to infect a system."
Linkedin are just spammers anyway. (Score:5, Informative)
Linkedin are just a bunch of spammers anyway.
I got an email from them, claiming that someone I knew wanted me to join. It was a spammer - the "custom message" that was included was a single link to a spam site in China.
The email had a "if this is spam..." report button, so I used it, and noted to linkedin that I didn't know the person, and it was *obviously* spam (the link was to a spam site.) Their automated system thanked me for reporting the abuse, and I thought that was the end of it.
Two weeks later, I receive a "helpful reminder" from Linkedin, telling me that I hadn't confirmed or rejected the invitation. Not only had they not taken any action, they helpfully included the spam link, and seemed blissfully unaware that I had reported this spammer's account two weeks prior.
Linkedin are just a bunch of scummy spammers. I blocked all email from their domain since.
Started before monday, today is the netflix spam (Score:3, Informative)
LinkedIn spamming started before today, I know as we've got several from last week.
Today we started getting the netflix emails about 'lost in mail' disks for movies that haven't been requested and/or to users without netflix accounts.
Way to notice whats going on guys.
Re:Linkedin are just spammers anyway. (Score:5, Informative)
You do realize this current round isn't actually coming from LinkedIn right? Nor does it actually link back to their website?
Ban their domains 18 ways to sunday, you'll still get the messages.
Re:NoScript FTW (Score:2, Informative)
It can be a-bit annoying as some sites stuff their pages with js from different sources so you're not sure which you must allow for the video to start playing etc.. But most of the time you end up visiting sites that you've already allowed and the rest of the 90% of the time you don't want to add an allow rule. I've been using it for a long time.
The obnoxious part must be the default setup, maybe people don't know that you're supposed to hide that bar that pops up on each site saying that it has blocked js, and only use the small icon at the corner of the window to allow/disallow, this is just another case of a developer that doesn't give a s***t about fixing annoyances.
Re:NoScript FTW (Score:3, Informative)
Eh, it works fine for me. Enable second-level domain scripts, and explicitly allow a few others (disqus, Google (a lot of people use their copies of jquery, etc), and a few others), and it works pretty well for the most part. Yeah, you occasionally come across a site that you have to "temporarily allow" a bunch of stuff to get it working, but those are the exception, IME.
Re:NoScript FTW (Score:4, Informative)
And that doesn't mention the XSS protection
Re:NoScript FTW (Score:4, Informative)
1. noob
2. user
3. 'expert' who *knows* they won't get busted
4. actual expert who knows that any precaution is not fool proof and it's best not to proclaim how much better they are than others.
See the bold mirror moron