Ongoing spam campaign impersonates LinkedIn, serves exploits and malware

by

Share this news now.

Remember the LinkedIn exploits and malware serving campaigns which I profiled in March, and May?

Over the past 24 hours, cybercriminals launched the most recent spam campaign impersonating LinkedIn, in an attempt to trick LinkedIn’s users into clicking on the client-side exploits and malware serving links found in the emails.

More details:

Screenshot of the spamvertised email:

Spamvertised URL: hxxp://glqzc.com/linkzane.html

Client-side exploits serving URL: hxxp://headtoheadblaster.org/main.php?page=f6857febef53e332

Client-side exploits served: CVE-2010-1885

Upon successful client-side exploitation, the campaign drops MD5: 6c59e90d9c3931c900cfd2672f64aec3 currently detected by 4 out of 41 antivirus scanners as PWS-Zbot.gen.ajm; W32/Kryptik.BRK.

Webroot SecureAnywhere users are proactively protected from this threat.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.


Share this news now.
Ongoing spam campaign impersonates LinkedIn, serves exploits and malware by