Spoofed LinkedIn Invite = Malware

According to M86 Labs, malware scammers are targeting LinkedIn users with legitimate-looking messages that appear to come from the social networking site:

The scammers have used the actual LinkedIn email template and modified it to suit their needs, changing the link behind the confirmation button. Simply hovering the mouse over the button reveals that the destination URL is not on LinkedIn but on salesforceappi.com (not to be confused with the legitimate salesforceapi.com domain).

For those unfortunate users who follow the link, the “BlackHole” exploit kit at the destination server tries to exploit a number of vulnerabilities in order to load malware. The bulk of the successful exploits appear to target Java and PDF reader vulnerabilities.

Lessons learned from this attack campaign: don’t click that link, even if it looks familiar! Instead, open up your own browser window and visit the site yourself. Legitimate invites will be present in your LinkedIn inbox. Also, keep your software up to date! One vulnerability is all that the bad guys need. Once you have been had, it is difficult to undo the damage.
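The hover check described above can be automated at the mail gateway or in a triage script. The following is an added example, not code from M86 Labs or the original post: it pulls every link target out of an HTML message and flags domains that sit within a couple of characters of a trusted one. The trusted list, the two-edit threshold and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains this mailbox expects in brand mail (both named in the post).
TRUSTED = ("linkedin.com", "salesforceapi.com")

# Constructed sample: a LinkedIn-style invite whose button points elsewhere.
SAMPLE_EMAIL = """
<p>Jane Doe wants to connect with you on LinkedIn.</p>
<a href="http://salesforceappi.com/">Confirm that you know Jane</a>
<a href="https://www.linkedin.com/">LinkedIn</a>
"""

class LinkCollector(HTMLParser):
    """Collects the href of every <a> tag, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(href, trusted=TRUSTED):
    """Return (verdict, domain, resembles) for one link target."""
    host = (urlsplit(href).hostname or "").rstrip(".")
    # Simplification: last two labels; production code should use the Public Suffix List.
    domain = ".".join(host.split(".")[-2:])
    if domain in trusted:
        return ("trusted", domain, None)
    for t in trusted:
        if edit_distance(domain, t) <= 2:
            return ("lookalike", domain, t)
    return ("off-site", domain, None)

def audit_email(html, trusted=TRUSTED):
    collector = LinkCollector()
    collector.feed(html)
    return [(h,) + classify(h, trusted) for h in collector.hrefs]
```

Comparing the registered domain rather than the full hostname means a target such as `linkedin.com.evil.example` is reported as off-site instead of being matched on its leading labels.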