Attack Targets LinkedIn Users With Fake Contact Requests 122
wiredmikey writes "On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users. Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link. According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says 'PLEASE WAITING.... 4 SECONDS..' and then redirected to Google, appearing as if nothing has happened. During those four seconds, the site attempted to infect the victim's PC with the ZeuS Malware via a 'drive-by download' – something that requires little or no user interaction to infect a system."
NoScript FTW (Score:5, Insightful)
Re: (Score:2, Insightful)
I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever. Worse than those software firewalls that prompt you to to allow/disallow traffic every 3 minutes.
Re: (Score:3, Insightful)
Re: (Score:1)
Re: (Score:1, Funny)
You could always buy smaller sized pants.
Is this still a metaphor for computer security, because I think I got lost somewhere. This never happens with car analogies.
Re: (Score:2)
Re:NoScript FTW (Score:4, Insightful)
Re: (Score:1, Insightful)
Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.
Re:NoScript FTW (Score:4, Informative)
And that doesn't mention the XSS protection
Re: (Score:3, Insightful)
Yes, because the LAST thing you'd want advertisements to target is SOMETHING YOU'RE ACTUALLY INTERESTED IN !
Much better everyone gets to punch the monkey !
Seriously, what is your problem with targeted ads ?
When you go into the same bar every day, the barman gets to know your usual tipple, and will often greet you with "Hello mate, the usual ?". You don't punch the fucker out shouting "stop invading my privacy with your tracking mechanisms".
Oh wait, a bar is outside the safety of the basement isn't it ?
Re: (Score:2)
Exactly. I might be tempted to waste my money if I did.
They are potentially harder to ignore.
People go to a bar
Re: (Score:1, Flamebait)
Exactly. I might be tempted to waste my money if I did.
They are potentially harder to ignore.
Or you could grow a spine. Or a brain. Or perhaps some common sense, if such a thing were possible.
Any of these will help much better with your involuntary spending disorder.
Re: (Score:2)
Re: (Score:2)
But how would you feel if your local sex shop rang your wife by mistake at home to say they had a special offer on "Anal Teenage Lesbian Farmyard Scat Lovers 15" as you'd enjoyed its predecessors so much?
Ha, not quite so keen now, are we, Mr "I Have nothing To Hide"?
Re: (Score:2)
This is why you're supposed to lock your computer when you step away from your desk!
Re: (Score:2)
Let them.
Re: (Score:1, Flamebait)
we just don't visit shitty sites in the first place
Really? You never click on URLs with non-obvious destinations [tinyurl.com]? And even if you don't, are you sure that no site you visit will ever have a security hole allowing people to post arbitrary HTML?
You're not nearly as safe as you think you are.
Re: (Score:2, Insightful)
Re: (Score:2)
Re: (Score:1)
Re:NoScript FTW (Score:4, Informative)
1. noob
2. user
3. 'expert' who *knows* they won't get busted
4. actual expert who knows that any precaution is not fool proof and it's best not to proclaim how much better they are than others.
See the bold mirror moron
Re: (Score:1, Insightful)
Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place
Exactly. NoScript is for the sort of person who visits LinkedIn.
Re: (Score:1)
What sort of person visits LinkedIn?
(and FWIW, I got my current job through LinkedIn)
Re: (Score:2)
I mean... In Soviet Russia, LinkedIn visits YOU
Yeah... that's it...
Re: (Score:2)
That is just trolling.
It's not as if LinkdIn or other high profile sites routinely feature drive by downloads.
In fact, there is no such thing as a "safe" browsing habit simply because there are a number of ways to introduce malware into an otherwise secure website.
Thus understanding the inherit dangers in using a web browser and applying relatively good practices you can be a bit more safer then you were before.
Re: (Score:1)
It's not as if LinkdIn or other high profile sites routinely feature drive by downloads.
Not only that, the attack in question targets LinkedIn users with a fake link via email. The attack isnt even hosted on the service's website.
Re:NoScript FTW (Score:5, Insightful)
Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.
As various ad sites that legitimate businesses use have had repeated reports of malware embedded in their flash, graphical, or other payloads, I wish you the best of luck, and promise not to say I told you so when you become one of the millions of zombies out there that help infect the rest of the world.
Sadly enough, it's people like you who tend to be the highest point of people who get infected. You know, the ones who say 'it won't be me'.
Arrogance tends to be the easiest weakness for virus attacks.
Re:arrogance or practicality, stupidity is worse. (Score:2)
NoScript blocks 'flash' and other payloads -- even fonts (which I know of no exploits for). As for graphical vectors -- I can count the number of those on 1 hand in the past 10-15 years, actually, 1 finger now that I think about it. But you can block
those if that's where your tolerance is.
You have to draw lines somewhere. Technologies that allow some program, written by someone else to run on your machine, just by visiting a website, are where I get uncomfortable. I permit them on reasonable sites and
Re: (Score:2)
Fonts had a couple of exploits. I am too lazy to trawl my BUGTRAQ archive at the moment, but I can recall at least a few.
In any case, noscript helps, but it is not enough. You can still get nailed by a payload on a site which is in the whitelist. In addition to that, most sites nowdays make such heavy use of Javascript and Flash that you end up tweaking settings for half an hour before you can browse a site.
Re: (Score:2)
What are you taking about?
I rarely have to tweak more than the main page for most stuff. If I'm actually using the site to post or buy or interact, I sometimes have to enable a static and a script site in addition to the main -- usually a total of 3, _tops_ for full use of most sites -- and those are ones that are not on my white list. I spend far less time on NoScript config/week than I do waiting on the internet in a single day: the same would be true of anyone who knows what they are doing. So your s
Re: (Score:2)
Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place
Users who know what they are doing never visit porn sites?
Wow. So I don't know what I'm doing and am also more perverted than the average slashdot user. That's... unexpected...
Re: (Score:2, Insightful)
By limiting yourself to the 50 web sites produced by trusted large firms, you're missing out on 99%+ of the internet. It's like listening to Clear Channel but only on the timeslots where the particular DJ comes personally recommended to you by a Justice of the Peace. Then again, some trusted firms are known for doing not-entirely-squeaky-clean things too. Sony rootkit anyone?
Do you also forego antivirus on you computer on the grounds that you only visit non-shitty websites a
Re: (Score:1)
Just how did this get modded insightful?
Yes, you can often tell the shitty sites from the URL, and you can avoid obvious phishing messages. But there are plenty of moderately reputable sites that have been compromised at one time or another. All it requires is one of these to have a drive-by download on it when you visit it, and you've got the lurgi.
Also, who hasn't accidentally clicked the wrong link at some time? Either by being a bit quick and missing, poor hit boxes on sites, or an RSS feed updating jus
Re: (Score:1)
Yeah.
1. I know what I'm doing so I get an anti-virus program. A good one.
2. "as the malware first runs a series of browser exploits"
I know what I'm doing so I get a different browser. Poor IE.
Re: (Score:2)
Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place
You're right here's a simple checklist:
-no sites that present user content (webmail, social networking, wikipedia, blogs or forums) because someone might sneak XSS past filters
-no sites without SSL, otherwise you're vulnerable to MITM injection of scripts
-no sites that use third-party analytics or advertising that could inject scripts
-no URL shortners or sites that redirect to third-party sites.
That narrows it down to sites you can trust without noscript. Unless they get hacked.
Exercise for the reader, tel
Re: (Score:2)
Exercise for the reader, tell me if they're safe or not:
www.lady-gaga.com
Unsafe. Regardless of whether it's the real site or a fake one. In fact, the fake one is probably safer.
Re: (Score:2)
Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.
You obviously don't have friends who are less careful and send you links to iffy sites in amongst links to ones you are actually interested in. You've obviously never visited an otherwise legitimate and safe site who was using an advertising network that either went bad of their own accord or were somehow exploited by a malicious entity. And so on. While it certainly isn't for everyone, NoScript is something I find particularly useful. White-listing the sites you need to run code from is easy and once you'v
Re: (Score:1)
Users should enable ABE rule pushing. Click the Options button, select the Advanced tab, select the ABE tab and check Allow sites to push their own rulesets (instructions based on NoScript v2.0.3.2). You'll be glad you did.
Re: (Score:2)
Re: (Score:2, Funny)
The thing is, noscript doesn'HEY YOU JUST TYPED AN APOSTROPHE, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)t offer much in the way of proHEY YOU JUST TYPED AN O, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)tection and an awful loHEY YOU JUST TYPED AN O, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)t of annoyance.HEY YOU JUST TYPED A FULL STOP, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)
Re: (Score:2)
The thing is, noscript doesn'HEY YOU JUST TYPED AN APOSTROPHE, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)t offer much in the way of proHEY YOU JUST TYPED AN O, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)tection and an awful loHEY YOU JUST TYPED AN O, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)t of annoyance.HEY YOU JUST TYPED A FULL STOP, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)
Stop using Vista then.
Well at least it isn't a car analogy (Score:2)
That is like saying that you don't understand how people can refuse to have sex with an AIDS infected whore. The internet is a very dangerous place without a lot of protection. A little inconvenience is a good trade off. I don't understand you can be on a place like Slashdot and not see this.
Well at least it isn't a car analogy
Re: (Score:2, Informative)
It can be a-bit annoying as some sites stuff their pages with js from different sources so you're not sure which you must allow for the video to start playing etc.. But most of the time you end up visiting sites that you've already allowed and the rest of the 90% of the time you don't want to add an allow rule. I've been using it for a long time.
The obnoxious part must be the default setup, maybe people don't know that you're supposed to hide that bar that pops up on each site saying that it has blocked js,
Re: (Score:3, Informative)
Eh, it works fine for me. Enable second-level domain scripts, and explicitly allow a few others (disqus, Google (a lot of people use their copies of jquery, etc), and a few others), and it works pretty well for the most part. Yeah, you occasionally come across a site that you have to "temporarily allow" a bunch of stuff to get it working, but those are the exception, IME.
Re: (Score:2, Funny)
I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever. Worse than those software firewalls that prompt you to to allow/disallow traffic every 3 minutes.
It's not just that; I tried it for a few days, but couldn't figure out where the setting was to disable the "become a smug self-important jackass who has to constantly brag about NoScript in every possible online venue" mode. Since I have this attachment to my dignity and don't go clicking links from random people (and frequently not even from trusted people), I uninstalled it.
Re: (Score:2)
Haven't you worked it out yet ?
Whenever a textarea tag is found on a page, NoScript is automatically adding in the glowing references to NoScript, and hitting the submit button.
No user interaction required. How smart is that ?
Re: (Score:2)
Lots of sites seem to use Javascript for their menus.
And while Java applets are indeed mostly dead, Paypal uses one if you purchase postage online, which is a handy feature. Yeah, Paypal sucks and all, but I don't know any other place that lets you purchase USPS First Class postage so easily (USPS's own site only lets you buy Priority and Express, which are overpriced). (And don't mention encidia; Paypal at least doesn't require a monthly fee.)
Re: (Score:1)
I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever.
Yes, it is extremely frustrating to four important groups of people, those being
1. Malware authors who are perfectionists and want -everyone- to get infected, not just 90%
2. Advertisers who are convinced that ads that flash at you, pop up a billion ads, and start playing noises are the way to economic recovery
3. People who can't be bothered to click a part of the window the first time they visit a new website
4. People who hate not being infected with malware.
Those people have my deepest sympathies.
Re: (Score:2)
I don't think NoScipt works in IE.
Re: (Score:2)
Re: (Score:2)
LinkedIn spam - but I repeat myself (Score:5, Funny)
" sending massive volumes of spam email messages targeting LinkedIn users."
To paraphrase Mark Twain:
Linkedin are just spammers anyway. (Score:5, Informative)
Linkedin are just a bunch of spammers anyway.
I got an email from them, claiming that someone I knew wanted me to join. It was a spammer - the "custom message" that was included was a single link to a spam site in China.
The email had a "if this is spam..." report button, so I used it, and noted to linkedin that I didn't know the person, and it was *obviously* spam (the link was to a spam site.) Their automated system thanked me for reporting the abuse, and I thought that was the end of it.
Two weeks later, I receive a "helpful reminder" from Linkedin, telling me that I hadn't confirmed or rejected the invitation. Not only had they not taken any action, they helpfully included the spam link, and seemed blissfully unaware that I had reported this spammer's account two weeks prior.
Linkedin are just a bunch of scummy spammers. I blocked all email from their domain since.
Re: (Score:2)
Linkedin are just a bunch of scummy spammers. I blocked all email from their domain since.
That's not enough. Headhunters are going to continue to call you at work. They see where you are working and then just call your company's operator asking for you. Once you put your information on Linkedin it is for sale to anyone that pays them for it.
Re:Linkedin are just spammers anyway. (Score:5, Informative)
You do realize this current round isn't actually coming from LinkedIn right? Nor does it actually link back to their website?
Ban their domains 18 ways to sunday, you'll still get the messages.
Re: (Score:2)
You mean you clicked on something without checking the message header? I get all kinds of bogus phishing and adware site spam-- but I've yet to see them successfully forge a header from a real site.
Re: (Score:2)
I got this probably about the same time you did, some Liu Chang or something wanting me to join. The fact that the site itself keeps sending reminders to join is the worst part, the site itself is spamming you. It's obnoxious.
Re: (Score:2)
Are you sure that LinkedIn actually sent the emails and i the weren't just a spam emails? The spam emails that look to be from LinkedIn are quite good forgeries and I don't recall ever seeing real LinkedIn emails refer to a "custom message".
Re: (Score:2)
Email abuse@linkedin.com asking them to block your email address and you'll never see them again.
Of course, if Gmail treated them as spam, there wouldn't have been a problem.
Started earlier (Score:2)
I got a spam email which looked like a LinkedIn request last week.
It was immediately obvious that it was fake because it was sent to sales@
It's 2010. Why are browsers not properly sandboxed (Score:1, Insightful)
Why do these "drive by download" vulnerabilities exists? Web browsers should be sandboxed to disallow execution of malicious code. Clicking on a hyperlink should just not execute code that runs outside of the browser sandbox. That's jus
Re: (Score:2)
I would think the answer if obvious. Sand, you see, is extremely small and could get everywhere inside the computer. That's why companies don't sandbox their products.
If you want sand, bring your laptop to the beach.
Re: (Score:2)
P.S.: Slashdot really needs a "smartass" moderation option. Like funny, wouldn't count toward the karma.
Re: (Score:2)
Sure, browsers can run java applets which are sandboxed. Probably why phishers don't use java.
Started before monday, today is the netflix spam (Score:3, Informative)
LinkedIn spamming started before today, I know as we've got several from last week.
Today we started getting the netflix emails about 'lost in mail' disks for movies that haven't been requested and/or to users without netflix accounts.
Way to notice whats going on guys.
Re: (Score:2)
What I get (Score:1)
Re: (Score:2)
The only real contact requests I got on Linked In were spam, just slightly more sophisticated than this. I have never seen that site do anything useful.
Re: (Score:2)
That and fricking headhunters who sent me a request for a one day a week, $20 an hour job in Austin Texas.
Idiots.
[John]
Is there a real exploit here? (Score:5, Insightful)
Or is another "Download gdggdsf.exe" and moronic users click on Run?
So far I've only see "drive by download" which is 100% meaningless. Would it kill them to tell us what exploit, if any is being used?
No kidding (Score:2)
I mean maybe it uses a real exploit, like say the hole in Acrobat Reader. That's been patched now but it is recent so people are probably still vulnerable. Would be nice to know what it is so we know what to look for if a user gets hit.
Re: (Score:3, Interesting)
Bad Grammar (Score:2)
Why is it no matter how short the message involved in a scam, somehow the English is mangled? It seems like a good malware defense is simply a good understanding of the English language. Please WAITING?
But does it run on Linux??! (Score:2)
Strike up the band! (Score:2)
Botnets, worldwide botnets.
What kind of boxes are on on botnets?
Compaq, HP, Dell and Sony, true!
Gateway, Packard Bell, maybe even Asus, too.
Are boxes, found on botnets.
All running Windows. FOO!
I get thousands of these (Score:3, Interesting)
...but I don't think the have anything to do with my non-neglected linkedin account. Its just normal phishing.
What I did get yesterday was a telephone spam phishing attempt. They called told me they had detected malware from my system and tried to get me to load a remote administration tool from their web site [irssupport.net]. Take a look at the language on that site "Blue Screen To Death Error", etc. Its hilarious.
Re: (Score:1)
Re: (Score:2)
Yeah thats the call I got, about 24 hours ago. I am in Australia. I wish I had let the call go longer. Could be good for endless minutes of lulz.
Execute the Bastards (Score:5, Insightful)
Re: (Score:2, Troll)
And how do you feel about the source of all these problems? Is there someone named B.G. at the top of your list?
Re: (Score:1)
The more i think the more i cannot exclude that the industry writes the malware on their own...
Re: (Score:2)
Re: (Score:1)
Re: (Score:2)
Don't use Windows (Score:2, Insightful)
Problem solved.
Re: (Score:1)
Re: (Score:1, Insightful)
Thanks for your useful and astute knowledge of the situation. Everybody should just drop their operating system and use a different one, because nobody relies on certain features of that OS or software exclusive to it. You've really done us all a favor.
So what's new (Score:2)
I got 114 spams for Linkedin on two email accounts from the 24th 11:18 pm GMT+2 to 27th 11:50 GMT +2.... 80% of these were blocked automatically by simple rules like checking for Reverse DNS and checking if the sender IP is blacklisted.
Funny enough, all websites used in the messages point to a file 1.html - I guess they used some bots and some vulnerability of those websites to upload the html file with that particular name.
PLEASE take linkedin.com SPF out of softfail mode (Score:3, Interesting)
$ dig txt linkedin.com
;; ANSWER SECTION:
linkedin.com. 21600 IN TXT "v=spf1 ip4:70.42.142.0/24 ip4:208.111.172.0/24 ip4:64.74.220.0/24 ip4:64.74.221.0/26 ip4:64.71.153.211 ip4:64.74.221.30 ip4:69.28.149.0/24 ip4:208.111.169.128/26 ip4:64.74.98.128/26 ip4:64.74.98.16/29 mx ~all"
Re: (Score:2)
Of course because 90% of routers, firewalls and mail servers have SPF built-in into them and hardwired in a way that it is impossible to disable.
Seriously about 50% of all domains use SPF.
On my small domains with a few machines, I do publish SPF records with a "-all" (dash) record but I do not use SPF directly to filter email. I give a small weight when SPF records do not match amongst a lot of other factors in order to make a decision whether an email is spam or not but I never block an email based only o
Re: (Score:2)
I don't see why, if it's correctly configured. The domain I run has hundreds of machines. There are bigger domains out there, but I don't see how they would be significantly different. "Having an SPF record with -all" simply means you're confident that you know what IP addresses your domain's outgo
My phoney LinkedIn messages started last Friday (Score:2)
I had a few each Friday and Saturday and several on Monday. The URL's of the links varied. None of them were linkedin.com.
Engage brain before clicking.
I must be special. (Score:2)
I just now deleted one from two days ago. And they started before then. But I must admit they have been getting more common. I had like 12 just today.