Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Attack Targets LinkedIn Users With Fake Contact Requests

Soulskill posted more than 3 years ago | from the hello-sir-madam dept.

Security 122

wiredmikey writes "On Monday morning, cybercriminals began sending massive volumes of spam email messages targeting LinkedIn users. Starting at approximately 10am GMT, users of the popular business-focused social networking site began receiving emails with a fake contact request containing a malicious link. According to Cisco Security Intelligence, these messages accounted for as much as 24% of all spam sent within a 15-minute interval today. If users click, they are taken to a web page that says 'PLEASE WAITING.... 4 SECONDS..' and then redirected to Google, appearing as if nothing has happened. During those four seconds, the site attempted to infect the victim's PC with the ZeuS Malware via a 'drive-by download' – something that requires little or no user interaction to infect a system."

cancel ×

122 comments

Sorry! There are no comments related to the filter you selected.

Join in on the fun! (-1, Troll)

Anonymous Coward | more than 3 years ago | (#33716572)

Register on LinkedIn!

Join me on LinkedIn (0, Offtopic)

seanonymous (964897) | more than 3 years ago | (#33716578)

Just click here: www.google.com

NoScript FTW (4, Insightful)

robot256 (1635039) | more than 3 years ago | (#33716632)

NoScript FTW. Seriously.

Re:NoScript FTW (2, Insightful)

Anonymous Coward | more than 3 years ago | (#33716672)

I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever. Worse than those software firewalls that prompt you to to allow/disallow traffic every 3 minutes.

Re:NoScript FTW (3, Insightful)

Anonymous Coward | more than 3 years ago | (#33716734)

Yeah, belts are the same way, I can't stand how they always keep my pants *up* when they might fall down otherwise.

Re:NoScript FTW (1)

greyline (1052440) | more than 3 years ago | (#33716848)

You could always buy smaller sized pants.

Re:NoScript FTW (1, Funny)

Anonymous Coward | more than 3 years ago | (#33717092)

You could always buy smaller sized pants.

Is this still a metaphor for computer security, because I think I got lost somewhere. This never happens with car analogies.

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33717508)

Browsing with lynx = hotpants?

Re:NoScript FTW (4, Insightful)

aekafan (1690920) | more than 3 years ago | (#33716746)

That is like saying that you don't understand how people can refuse to have sex with an AIDS infected whore. The internet is a very dangerous place without a lot of protection. A little inconvenience is a good trade off. I don't understand you can be on a place like Slashdot and not see this.

Re:NoScript FTW (0, Flamebait)

pixelpusher220 (529617) | more than 3 years ago | (#33716780)

NoScript is an absolute must have for anyone who knows what they are doing.

However, for the tech luddites it can *really* mess things up for them. The solution of course is to have the non-techy always browse at absolute minimum permissions so at least some of the damage can be mitigated when IE engages in its hopelessly condom free visits to the porn sites.

I wonder if it has a 'stop most bad things' type of stuff that some web and google click preventers have?

Re:NoScript FTW (1, Insightful)

BitZtream (692029) | more than 3 years ago | (#33716872)

NoScript is an absolute must have for anyone who knows what they are doing

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.

Re:NoScript FTW (4, Informative)

bhcompy (1877290) | more than 3 years ago | (#33716980)

Slashdot uses doubleclick.net, NoScript blocks that inherently. Thus, no one is tracking my habits without having to modify anything and I don't have to worry about completely disabling cookies so I don't need to re-login to every website I peruse.

And that doesn't mention the XSS protection

Re:NoScript FTW (2, Insightful)

daveime (1253762) | more than 3 years ago | (#33719222)

Yes, because the LAST thing you'd want advertisements to target is SOMETHING YOU'RE ACTUALLY INTERESTED IN !

Much better everyone gets to punch the monkey !

Seriously, what is your problem with targeted ads ?

When you go into the same bar every day, the barman gets to know your usual tipple, and will often greet you with "Hello mate, the usual ?". You don't punch the fucker out shouting "stop invading my privacy with your tracking mechanisms".

Oh wait, a bar is outside the safety of the basement isn't it ?

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33719324)

Who let the marketing guy into Slashdot?

Re:NoScript FTW (1)

ultranova (717540) | more than 3 years ago | (#33719520)

Yes, because the LAST thing you'd want advertisements to target is SOMETHING YOU'RE ACTUALLY INTERESTED IN !

Exactly. I might be tempted to waste my money if I did.

Seriously, what is your problem with targeted ads ?

They are potentially harder to ignore.

When you go into the same bar every day, the barman gets to know your usual tipple, and will often greet you with "Hello mate, the usual ?". You don't punch the fucker out shouting "stop invading my privacy with your tracking mechanisms".

People go to a bar to buy drinks, and interact with the barman openly. They don't go to Slashdot to buy whatever crap the ads on it are peddling, nor are they necessarily aware that doubleclick or other parasites are tracking them.

Re:NoScript FTW (0, Flamebait)

mwvdlee (775178) | more than 3 years ago | (#33719936)

Yes, because the LAST thing you'd want advertisements to target is SOMETHING YOU'RE ACTUALLY INTERESTED IN !

Exactly. I might be tempted to waste my money if I did.

Seriously, what is your problem with targeted ads ?

They are potentially harder to ignore.

Or you could grow a spine. Or a brain. Or perhaps some common sense, if such a thing were possible.
Any of these will help much better with your involuntary spending disorder.

Re:NoScript FTW (0, Flamebait)

mrnobo1024 (464702) | more than 3 years ago | (#33717056)

we just don't visit shitty sites in the first place

Really? You never click on URLs with non-obvious destinations [tinyurl.com] ? And even if you don't, are you sure that no site you visit will ever have a security hole allowing people to post arbitrary HTML?

You're not nearly as safe as you think you are.

Re:NoScript FTW (2, Insightful)

oldspewey (1303305) | more than 3 years ago | (#33717568)

Maybe I'm an anomaly, but I actually refuse to click tinyurl links.

Re:NoScript FTW (1)

tunapez (1161697) | more than 3 years ago | (#33718848)

Ditto. If the nav bar isn't telling me where I'm going, I'm not.

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33717696)

A/C seconding.

I refuse to follow URL shorteners. tinyurl, bit.ly, mcaf.fe... I don't care who sends them. Redirection services are hell on the web, hell on information archival, hell on my web browser. And they're hell on my webserver--I don't want to see bit.ly in my REFERRER LOGS Give me the damned URI the client came from, not somebody eating the information before it gets to me.

If they don't want to send it, there's any number of proxies that can strip it out. URI shorteners break the web's model and are worthless for anything but twitter twats.

CAPTCHA: "retrofit" -- how appropriate.

Re:NoScript FTW (1)

crow_t_robot (528562) | more than 3 years ago | (#33718596)

How did parent get modded as flamebait?

Re:NoScript FTW (3, Informative)

pixelpusher220 (529617) | more than 3 years ago | (#33717074)

lets see the rankings:

1. noob
2. user
3. 'expert' who *knows* they won't get busted
4. actual expert who knows that any precaution is not fool proof and it's best not to proclaim how much better they are than others.

See the bold mirror moron

Re:NoScript FTW (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33717120)

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place

Exactly. NoScript is for the sort of person who visits LinkedIn.

Re:NoScript FTW (1)

oldspewey (1303305) | more than 3 years ago | (#33717578)

What sort of person visits LinkedIn?

(and FWIW, I got my current job through LinkedIn)

Re:NoScript FTW (1)

asylumx (881307) | more than 3 years ago | (#33717836)

People who don't have jobs?

I mean... In Soviet Russia, LinkedIn visits YOU

Yeah... that's it...

Re:NoScript FTW (1)

Cylix (55374) | more than 3 years ago | (#33718218)

That is just trolling.

It's not as if LinkdIn or other high profile sites routinely feature drive by downloads.

In fact, there is no such thing as a "safe" browsing habit simply because there are a number of ways to introduce malware into an otherwise secure website.

Thus understanding the inherit dangers in using a web browser and applying relatively good practices you can be a bit more safer then you were before.

Re:NoScript FTW (5, Insightful)

MrSenile (759314) | more than 3 years ago | (#33717134)

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.

As various ad sites that legitimate businesses use have had repeated reports of malware embedded in their flash, graphical, or other payloads, I wish you the best of luck, and promise not to say I told you so when you become one of the millions of zombies out there that help infect the rest of the world.

Sadly enough, it's people like you who tend to be the highest point of people who get infected. You know, the ones who say 'it won't be me'.

Arrogance tends to be the easiest weakness for virus attacks.

Re:arrogance or practicality, stupidity is worse. (1)

lpq (583377) | more than 3 years ago | (#33719394)

NoScript blocks 'flash' and other payloads -- even fonts (which I know of no exploits for). As for graphical vectors -- I can count the number of those on 1 hand in the past 10-15 years, actually, 1 finger now that I think about it. But you can block
those if that's where your tolerance is.

You have to draw lines somewhere. Technologies that allow some program, written by someone else to run on your machine, just by visiting a website, are where I get uncomfortable. I permit them on reasonable sites and don't worry about them again. I can't see anyone complaining about such -- you can even default to permitting the main site by default which would protect most people from 3rd-party website-hosted scripts -- at least then you just have to trust the websites you visit and not all the websites they or someone else might include.

You are very naive or stupid if you think that 'imperfect protection' == no protection, since no protection is perfect and all protection is 'imperfect', save complete isolation, but then you wouldn't be reading this. This isn't to say that NoScript is a solution to everything, but it would be to the original problem -- a drive-by script load from a noname site. Problem solved. Next?

Re:arrogance or practicality, stupidity is worse. (1)

arivanov (12034) | more than 3 years ago | (#33719916)

Fonts had a couple of exploits. I am too lazy to trawl my BUGTRAQ archive at the moment, but I can recall at least a few.

In any case, noscript helps, but it is not enough. You can still get nailed by a payload on a site which is in the whitelist. In addition to that, most sites nowdays make such heavy use of Javascript and Flash that you end up tweaking settings for half an hour before you can browse a site.

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33717180)

You do realize that ligitimate, trusted sites get compromised to serve this exact malware *frequently* right? And that other sites you trust occasionally have ads pop up on them that do the exact same thing?

NoScript really is a good idea.

Re:NoScript FTW (1)

interkin3tic (1469267) | more than 3 years ago | (#33717280)

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place

Users who know what they are doing never visit porn sites?

Wow. So I don't know what I'm doing and am also more perverted than the average slashdot user. That's... unexpected...

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33719684)

That's what VirtualBox is for along with discarding the VM snapshot when done .....

Re:NoScript FTW (2, Insightful)

srodden (949473) | more than 3 years ago | (#33717294)

Now who's feeling superior?

By limiting yourself to the 50 web sites produced by trusted large firms, you're missing out on 99%+ of the internet. It's like listening to Clear Channel but only on the timeslots where the particular DJ comes personally recommended to you by a Justice of the Peace. Then again, some trusted firms are known for doing not-entirely-squeaky-clean things too. Sony rootkit anyone?

Do you also forego antivirus on you computer on the grounds that you only visit non-shitty websites and you're smart enough to not open attachments?

Life is full of uncertainty. To say that you'll never visit a shitty site is like saying you'll never walk down a street where you'll get mugged or you'll never sleep with a person that has an STD. Street lights, mace, vaccine and condoms are parts of a broad set of tools that we have to protect our person in meatspace. Tools like a decent browser, antivirus, firewall and script blocker are just parts of a broad set of tools that we have to protect us in cyberspace.

After 20 years in computing, I like to think that I'm one of the people "that know what they're doing" but never the less, I practice safe computing. I've never been hit by a virus or identity theft to the best of my knowledge. Is that because of my good habits or my precautions? I don't know but I don't claim to be perfect so I'm glad I have these helper apps.

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33717530)

NoScript is an absolute must have for anyone who knows what they are doing

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place, but hey, whatever makes you feel superior to ... well whoever you think NoScript makes you better than.

Shitty sites like, say, the New York Times and CNN? I seem to recall malicious advertisements making their way into the rotations of both sites in the last few years.

Running any arbitrary javascript that comes down the tubes and declaring yourself safe because you only visit reputable sites is naïve as long as the internet is largely ad supported.

Re:NoScript FTW (1)

Knackered (311164) | more than 3 years ago | (#33717886)

Just how did this get modded insightful?

Yes, you can often tell the shitty sites from the URL, and you can avoid obvious phishing messages. But there are plenty of moderately reputable sites that have been compromised at one time or another. All it requires is one of these to have a drive-by download on it when you visit it, and you've got the lurgi.

Also, who hasn't accidentally clicked the wrong link at some time? Either by being a bit quick and missing, poor hit boxes on sites, or an RSS feed updating just as you click?

NoScript is a very valuable tool to prevent all the crap that goes along with the web nowadays, whilst allowing it to work in exceptional circumstances. It does need a certain level of sophistication to use effectively. In fact, I think I'll go and donate to its continuing development.

Re:NoScript FTW (1)

Iggyhopper (1880812) | more than 3 years ago | (#33717910)

Yeah.

1. I know what I'm doing so I get an anti-virus program. A good one.

2. "as the malware first runs a series of browser exploits"

I know what I'm doing so I get a different browser. Poor IE.

Re:NoScript FTW (1)

Stray7Xi (698337) | more than 3 years ago | (#33717974)

Actually, users who know what they are doing don't need NoScript, we just don't visit shitty sites in the first place

You're right here's a simple checklist:
-no sites that present user content (webmail, social networking, wikipedia, blogs or forums) because someone might sneak XSS past filters
-no sites without SSL, otherwise you're vulnerable to MITM injection of scripts
-no sites that use third-party analytics or advertising that could inject scripts
-no URL shortners or sites that redirect to third-party sites.

That narrows it down to sites you can trust without noscript. Unless they get hacked.

Exercise for the reader, tell me if they're safe or not:
www.papajohnsonline.com
www.toyotarecall.com
www.lady-gaga.com
www.metacritic.com

If you loaded them to check, it's too late to protect from a drive-by but they're all potentially risky. Papa johns redirects to third party advertiser after ordering (or at least they used to, either way you won't know until after it happens.) Next two aren't real pages. Metacritic loads scripts from at least 7 different domains (probably more once you start allowing those scripts)

Re:NoScript FTW (1)

mwvdlee (775178) | more than 3 years ago | (#33719960)

Exercise for the reader, tell me if they're safe or not:
www.lady-gaga.com

Unsafe. Regardless of whether it's the real site or a fake one. In fact, the fake one is probably safer.

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33718498)

If my computer was only used by me while I am happily sitting in the basement feeling superior to everyone else on Slashdot, then sure, I could argue that NoScript isn't really needed, but I live in the real world, where others do indeed use this computer, and therefore, these types of tools, are *VERY* useful to have installed. Try not to be so naive with how a computer might be used, not all of us got shiny new laptops for Christmas from mom and dad.

Re:NoScript FTW (1)

WidgetGuy (1233314) | more than 3 years ago | (#33718276)

NoScript Rocks! I provide a rules.abe file with each of my Web sites. All Web developers should.

Users should enable ABE rule pushing. Click the Options button, select the Advanced tab, select the ABE tab and check Allow sites to push their own rulesets (instructions based on NoScript v2.0.3.2). You'll be glad you did.

Re:NoScript FTW (1)

pixelpusher220 (529617) | more than 3 years ago | (#33719230)

how in the fsck is this flamebait? lol

Re:NoScript FTW (1, Funny)

Gordonjcp (186804) | more than 3 years ago | (#33716814)

The thing is, noscript doesn'HEY YOU JUST TYPED AN APOSTROPHE, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)t offer much in the way of proHEY YOU JUST TYPED AN O, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)tection and an awful loHEY YOU JUST TYPED AN O, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)t of annoyance.HEY YOU JUST TYPED A FULL STOP, ARE YOU SURE YOU WANT TO ALLOW THIS? (Y/N)

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33717428)

I don't understand you can be on a place like Slashdot and not see this.

What's there to undeIs Ur Pole Diminished?! BUY 3XTENZ0R NOW AT WWW.3XT3NZ0R.RU!!!
goddammit, my keyboard keeps freaking out. Anyway, I don't take any special precautions and
the Internet seems perfectly safe to me.

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33717502)

That is like saying that you don't understand how people can refuse to have sex with an AIDS infected whore. The internet is a very dangerous place without a lot of protection.

If you are using a computer with a weak immune system, then you are AIDS infected whore, and apparently you want to visit a daycare facility full of kids with fevers and snot dripping noses. I'd wear a mask and cover yourself with alcohol-based gel if I were you.

Re:NoScript FTW (2, Informative)

HelloKitty2 (1585373) | more than 3 years ago | (#33716880)

It can be a-bit annoying as some sites stuff their pages with js from different sources so you're not sure which you must allow for the video to start playing etc.. But most of the time you end up visiting sites that you've already allowed and the rest of the 90% of the time you don't want to add an allow rule. I've been using it for a long time.

The obnoxious part must be the default setup, maybe people don't know that you're supposed to hide that bar that pops up on each site saying that it has blocked js, and only use the small icon at the corner of the window to allow/disallow, this is just another case of a developer that doesn't give a s***t about fixing annoyances.

Re:NoScript FTW (2, Informative)

Abcd1234 (188840) | more than 3 years ago | (#33716884)

Eh, it works fine for me. Enable second-level domain scripts, and explicitly allow a few others (disqus, Google (a lot of people use their copies of jquery, etc), and a few others), and it works pretty well for the most part. Yeah, you occasionally come across a site that you have to "temporarily allow" a bunch of stuff to get it working, but those are the exception, IME.

Re:NoScript FTW (2, Funny)

Anonymous Coward | more than 3 years ago | (#33716910)

I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever. Worse than those software firewalls that prompt you to to allow/disallow traffic every 3 minutes.

It's not just that; I tried it for a few days, but couldn't figure out where the setting was to disable the "become a smug self-important jackass who has to constantly brag about NoScript in every possible online venue" mode. Since I have this attachment to my dignity and don't go clicking links from random people (and frequently not even from trusted people), I uninstalled it.

Re:NoScript FTW (1)

daveime (1253762) | more than 3 years ago | (#33719270)

Haven't you worked it out yet ?

Whenever a textarea tag is found on a page, NoScript is automatically adding in the glowing references to NoScript, and hitting the submit button.

No user interaction required. How smart is that ?

Just disable JavaScript, Java applets and plugins. (0)

Anonymous Coward | more than 3 years ago | (#33716978)

The best thing to do with the pathetic state of today's web is to just disable JavaScript, disable Java applets, and disable all plugins (including Flash).

There are no sites worth visiting that require the use of JavaScript. Even Slashdot sort of falls back when JavaScript isn't available, although it does a shitty job.

Basically nobody uses Java applets these days. So you're not missing out on anything at all by disabling them.

YouTube is the only site that reasonably uses Flash. But even then, most of the content on there is total crap to begin with. Not being able to use YouTube is a small price to pay if it allows one to disable Flash completely.

Disabling all three makes the web suck a whole hell of a lot less than it typically does.

Re:Just disable JavaScript, Java applets and plugi (1)

Grishnakh (216268) | more than 3 years ago | (#33717168)

Lots of sites seem to use Javascript for their menus.

And while Java applets are indeed mostly dead, Paypal uses one if you purchase postage online, which is a handy feature. Yeah, Paypal sucks and all, but I don't know any other place that lets you purchase USPS First Class postage so easily (USPS's own site only lets you buy Priority and Express, which are overpriced). (And don't mention encidia; Paypal at least doesn't require a monthly fee.)

Re:NoScript FTW (0)

interkin3tic (1469267) | more than 3 years ago | (#33717220)

I don't understand how people can stand surfing with NoScript--it's got to be the most obnoxious add-on ever.

Yes, it is extremely frustrating to four important groups of people, those being

1. Malware authors who are perfectionists and want -everyone- to get infected, not just 90%
2. Advertisers who are convinced that ads that flash at you, pop up a billion ads, and start playing noises are the way to economic recovery
3. People who can't be bothered to click a part of the window the first time they visit a new website
4. People who hate not being infected with malware.

Those people have my deepest sympathies.

Re:NoScript FTW (1)

ObsessiveMathsFreak (773371) | more than 3 years ago | (#33717068)

I don't think NoScipt works in IE.

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33717312)

I don't think NoScipt works in IE.

Yep, and it has other security features too.

Re:NoScript FTW (1)

houghi (78078) | more than 3 years ago | (#33717442)

Why do you need NoScript when you get an email? I do not have NoScript enabled, yet I notice it when I get an email in my text-only email client if I want to click on the link or not. What I do in my email client has nothing to do what I do in my browser untill I click on the URL

Yes, I understand that a lot of people use their browser as an everything, including email and gmail and Usenet and what not. I just like to use the correct tool so I do not have to turn off everything just to be safe.

Re:NoScript FTW (1)

robot256 (1635039) | more than 3 years ago | (#33719276)

Congratulations, you are immune to malicious links sent to you in email. What about the other millions of links presented to you on web pages? Besides, it's not links that I use NoScript against. It's tracking scripts, pop-up ads, flash junk, and the occasional -- yes -- honest mistake while trying to find something new and interesting. There is an awful lot more to the Internet than just email, and it tends not to be as squeaky-clean as some people make it out to be.

Re:NoScript FTW (0)

Anonymous Coward | more than 3 years ago | (#33718142)

Try QuickJava. You can get it here:

http://quickjavaplugin.blogspot.com/

No annoying messages. A single click disables/enables javascript, Flash, Java, CSS, images, and Silverlight. I keep javascript off most of the time and only enable it when needed.

NoScript is such a pain. It was a great pleasure to find QuickJava and kill NoScript.

LinkedIn spam - but I repeat myself (4, Funny)

wowbagger (69688) | more than 3 years ago | (#33716652)

" sending massive volumes of spam email messages targeting LinkedIn users."

To paraphrase Mark Twain:

Imagine you receive a message from LinkedIn. And imagine that it is spam. But I repeat myself.

Linkedin are just spammers anyway. (4, Informative)

schon (31600) | more than 3 years ago | (#33716678)

Linkedin are just a bunch of spammers anyway.

I got an email from them, claiming that someone I knew wanted me to join. It was a spammer - the "custom message" that was included was a single link to a spam site in China.

The email had a "if this is spam..." report button, so I used it, and noted to linkedin that I didn't know the person, and it was *obviously* spam (the link was to a spam site.) Their automated system thanked me for reporting the abuse, and I thought that was the end of it.

Two weeks later, I receive a "helpful reminder" from Linkedin, telling me that I hadn't confirmed or rejected the invitation. Not only had they not taken any action, they helpfully included the spam link, and seemed blissfully unaware that I had reported this spammer's account two weeks prior.

Linkedin are just a bunch of scummy spammers. I blocked all email from their domain since.

Re:Linkedin are just spammers anyway. (1)

clampolo (1159617) | more than 3 years ago | (#33716818)

Linkedin are just a bunch of scummy spammers. I blocked all email from their domain since.

That's not enough. Headhunters are going to continue to call you at work. They see where you are working and then just call your company's operator asking for you. Once you put your information on Linkedin it is for sale to anyone that pays them for it.

Re:Linkedin are just spammers anyway. (5, Informative)

BitZtream (692029) | more than 3 years ago | (#33716852)

I blocked all email from their domain since.

You do realize this current round isn't actually coming from LinkedIn right? Nor does it actually link back to their website?

Ban their domains 18 ways to sunday, you'll still get the messages.

Re:Linkedin are just spammers anyway. (1)

postbigbang (761081) | more than 3 years ago | (#33717232)

You mean you clicked on something without checking the message header? I get all kinds of bogus phishing and adware site spam-- but I've yet to see them successfully forge a header from a real site.

Re:Linkedin are just spammers anyway. (0)

Anonymous Coward | more than 3 years ago | (#33717588)

I looked at the headers and saw the originating servers from linkedin.com. Can someone else look and see if they see the same?

Re:Linkedin are just spammers anyway. (1)

Zorque (894011) | more than 3 years ago | (#33718892)

I got this probably about the same time you did, some Liu Chang or something wanting me to join. The fact that the site itself keeps sending reminders to join is the worst part, the site itself is spamming you. It's obnoxious.

Re:Linkedin are just spammers anyway. (0)

Anonymous Coward | more than 3 years ago | (#33719656)

I quite like LinkedIn. What other service generates a profile for you by scraping personal details from your employer's site? And then invites you to create an account so you can edit your profile?

Re:Linkedin are just spammers anyway. (1)

whoever57 (658626) | more than 3 years ago | (#33719894)

I got an email from them, claiming that someone I knew wanted me to join. It was a spammer - the "custom message" that was included was a single link to a spam site in China.

Are you sure that LinkedIn actually sent the emails and i the weren't just a spam emails? The spam emails that look to be from LinkedIn are quite good forgeries and I don't recall ever seeing real LinkedIn emails refer to a "custom message".

Started earlier (1)

whoever57 (658626) | more than 3 years ago | (#33716690)

I got a spam email which looked like a LinkedIn request last week.

It was immediately obvious that it was fake because it was sent to sales@

It's 2010. Why are browsers not properly sandboxed (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33716730)

Why do these "drive by download" vulnerabilities exists? Web browsers should be sandboxed to disallow execution of malicious code. Clicking on a hyperlink should just not execute code that runs outside of the browser sandbox. That's jus

Re:It's 2010. Why are browsers not properly sandbo (1)

Yvan256 (722131) | more than 3 years ago | (#33717256)

I would think the answer if obvious. Sand, you see, is extremely small and could get everywhere inside the computer. That's why companies don't sandbox their products.

If you want sand, bring your laptop to the beach.

Re:It's 2010. Why are browsers not properly sandbo (1)

Yvan256 (722131) | more than 3 years ago | (#33717272)

P.S.: Slashdot really needs a "smartass" moderation option. Like funny, wouldn't count toward the karma.

Re:It's 2010. Why are browsers not properly sandbo (1)

MichaelSmith (789609) | more than 3 years ago | (#33717336)

Sure, browsers can run java applets which are sandboxed. Probably why phishers don't use java.

Not new (0)

Anonymous Coward | more than 3 years ago | (#33716794)

I don't have anything to do with LinkedIn but I got the spam as well. It's not half so targeted as this article would indicate. It's just the usual random spam. This also isn't the first time this sort of attack has used the LinkedIn name. A similar splurge happened about a month ago. There may have been one previous to that as well, I can't remember and I don't archive spam that long.

Long story short: Never blindly click on links.

Started before monday, today is the netflix spam (3, Informative)

BitZtream (692029) | more than 3 years ago | (#33716838)

LinkedIn spamming started before today, I know as we've got several from last week.

Today we started getting the netflix emails about 'lost in mail' disks for movies that haven't been requested and/or to users without netflix accounts.

Way to notice whats going on guys.

Re:Started before monday, today is the netflix spa (1)

marsu_k (701360) | more than 3 years ago | (#33716972)

We had hundreds of these per day a couple of weeks back at work - somehow they got past our spam filter (perhaps LinkedIn was whitelisted), although they were obviously spam. What was odd was the fact that I've registered to LinkedIn with my @gmail address, but the spam came to @work. The part before @ is the same though.

What I get (1)

oldmac31310 (1845668) | more than 3 years ago | (#33716890)

I get REAL contact requests from Linked In occasionally. What a pain!

Re:What I get (1)

MichaelSmith (789609) | more than 3 years ago | (#33717324)

The only real contact requests I got on Linked In were spam, just slightly more sophisticated than this. I have never seen that site do anything useful.

Re:What I get (1)

Bigbutt (65939) | more than 3 years ago | (#33719356)

That and fricking headhunters who sent me a request for a one day a week, $20 an hour job in Austin Texas.

Idiots.

[John]

Is there a real exploit here? (4, Insightful)

gad_zuki! (70830) | more than 3 years ago | (#33716904)

Or is another "Download gdggdsf.exe" and moronic users click on Run?

So far I've only see "drive by download" which is 100% meaningless. Would it kill them to tell us what exploit, if any is being used?

No kidding (1)

Sycraft-fu (314770) | more than 3 years ago | (#33716936)

I mean maybe it uses a real exploit, like say the hole in Acrobat Reader. That's been patched now but it is recent so people are probably still vulnerable. Would be nice to know what it is so we know what to look for if a user gets hit.

Re:No kidding (2, Interesting)

GIL_Dude (850471) | more than 3 years ago | (#33717170)

Actually only some of the exploits in Acrobat Reader have been patched. According to the latest security bulletin from Adobe, reader 9.3.4 has critical vulnerabilities and they will release a patch the week of Oct. 4th. So unfortunately you can still get hit with certain Reader/PDF exploits by visiting a site.

Bad Grammar (1)

bokmann (323771) | more than 3 years ago | (#33716932)

Why is it no matter how short the message involved in a scam, somehow the English is mangled? It seems like a good malware defense is simply a good understanding of the English language. Please WAITING?

But does it run on Linux??! (1)

mspohr (589790) | more than 3 years ago | (#33716974)

I assume that this is a Windows only malware but as usual, no mention is made of platform.

Re:But does it run on Linux??! (0)

Anonymous Coward | more than 3 years ago | (#33717204)

I guess that no mention is made of the platform because Microsoft could very well be paying websites to not mention it at all. If there's no mention of the OS, then Microsoft doesn't look bad and gives readers the impression that all computers are unsafe.

Strike up the band! (1)

Chris Tucker (302549) | more than 3 years ago | (#33716990)

Botnets, worldwide botnets.
What kind of boxes are on on botnets?

Compaq, HP, Dell and Sony, true!
Gateway, Packard Bell, maybe even Asus, too.

Are boxes, found on botnets.
All running Windows. FOO!

I get thousands of these (2, Interesting)

MichaelSmith (789609) | more than 3 years ago | (#33717108)

...but I don't think the have anything to do with my non-neglected linkedin account. Its just normal phishing.

What I did get yesterday was a telephone spam phishing attempt. They called told me they had detected malware from my system and tried to get me to load a remote administration tool from their web site [irssupport.net] . Take a look at the language on that site "Blue Screen To Death Error", etc. Its hilarious.

Re:I get thousands of these (1)

!eopard (981784) | more than 3 years ago | (#33719696)

I had a phone call claiming to be from the "Microsoft Certified Technical Department" :o, apparently this IRS group had identified my computer as being ridden with viruses. I was only able to keep them on the phone for 7 mins, but it was sorta funny considering how hard they were trying to get me to open this website. Asking how they obtained my phone number from my IP address seemed to be the clincher in her hanging up. I wish I'd thought to boot a Windows VM box, might've been able to waste more of their time (it was a weekend and I was lazing on the couch, no skin off my nose).

I reported the website and phone # I was given to scamwatch.com.au

Oh - check out the Live Support link (top right) - an executable?!?

Execute the Bastards (4, Insightful)

Nom du Keyboard (633989) | more than 3 years ago | (#33717158)

I'm ready to execute all malware writers. Put them up against the wall and remove the problem forever. They contribute absolutely nothing of use to society.

Re:Execute the Bastards (1, Troll)

Yvan256 (722131) | more than 3 years ago | (#33717218)

And how do you feel about the source of all these problems? Is there someone named B.G. at the top of your list?

Re:Execute the Bastards (1)

feufeu (1109929) | more than 3 years ago | (#33717322)

Jesus christ, are you completely crazy ? Of course it's lots of use to the whole computer-security industry which probably wouldn't even exist if someone didn't take the time to write a new virus/worm/whatever every now and then !

The more i think the more i cannot exclude that the industry writes the malware on their own...

Re:Execute the Bastards (1)

davidshewitt (1552163) | more than 3 years ago | (#33717930)

Execute those who execute malicious remote code? What goes around comes around I guess. ;)

Re:Execute the Bastards (0)

Anonymous Coward | more than 3 years ago | (#33718174)

Sure they do... They keep lots of us in jobs cleaning up client computers.

Don't use Windows (2, Insightful)

kelsey.grammer (83287) | more than 3 years ago | (#33717304)

Problem solved.

Re:Don't use Windows (1)

Scorch_Mechanic (1879132) | more than 3 years ago | (#33717916)

Phew, I feel a lot better now. My basement doesn't have any.

Re:Don't use Windows (1, Insightful)

Anonymous Coward | more than 3 years ago | (#33718874)

Thanks for your useful and astute knowledge of the situation. Everybody should just drop their operating system and use a different one, because nobody relies on certain features of that OS or software exclusive to it. You've really done us all a favor.

So what's new (1)

mariushm (1022195) | more than 3 years ago | (#33717306)

I got 114 spams for Linkedin on two email accounts from the 24th 11:18 pm GMT+2 to 27th 11:50 GMT +2.... 80% of these were blocked automatically by simple rules like checking for Reverse DNS and checking if the sender IP is blacklisted.

Funny enough, all websites used in the messages point to a file 1.html - I guess they used some bots and some vulnerability of those websites to upload the html file with that particular name.

PLEASE take linkedin.com SPF out of softfail mode (2, Interesting)

Linux_ho (205887) | more than 3 years ago | (#33717606)

Changing one tilde to a dash would solve this problem for 90% or more of the phishing targets.

$ dig txt linkedin.com

;; ANSWER SECTION:
linkedin.com.        21600    IN    TXT    "v=spf1 ip4:70.42.142.0/24 ip4:208.111.172.0/24 ip4:64.74.220.0/24 ip4:64.74.221.0/26 ip4:64.71.153.211 ip4:64.74.221.30 ip4:69.28.149.0/24 ip4:208.111.169.128/26 ip4:64.74.98.128/26 ip4:64.74.98.16/29 mx ~all"

Re:PLEASE take linkedin.com SPF out of softfail mo (1)

ls671 (1122017) | more than 3 years ago | (#33718764)

Of course because 90% of routers, firewalls and mail servers have SPF built-in into them and hardwired in a way that it is impossible to disable.

Seriously about 50% of all domains use SPF.

On my small domains with a few machines, I do publish SPF records with a "-all" (dash) record but I do not use SPF directly to filter email. I give a small weight when SPF records do not match amongst a lot of other factors in order to make a decision whether an email is spam or not but I never block an email based only on SPF.

For big domains with multiple machines and customers who access the net in many different ways. Having an SPF record with "-all" is a guaranteed way to have your legitimate customer emails blocked at some point.

http://en.wikipedia.org/wiki/Sender_Policy_Framework [wikipedia.org]

minus 4, Trolln) (-1, Offtopic)

Anonymous Coward | more than 3 years ago | (#33718506)

fasrtest-growinSg GAY

My phoney LinkedIn messages started last Friday (1)

grandpa-geek (981017) | more than 3 years ago | (#33718586)

I had a few each Friday and Saturday and several on Monday. The URL's of the links varied. None of them were linkedin.com.

Engage brain before clicking.

I must be special. (1)

Jane Q. Public (1010737) | more than 3 years ago | (#33719814)

I've been getting these for several days, at least.

I just now deleted one from two days ago. And they started before then. But I must admit they have been getting more common. I had like 12 just today.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>