June 15, 2012
WARNING: LinkedIn Spam Alert

We are getting reports of spam that looks like it is from LinkedIn arriving in your mailboxes rather than being caught by the filters, and we want to caution all of you against opening these messages. Please delete them instead. If you think they may be legitimate email from LinkedIn, please go to LinkedIn and check your invitations there.

http://www.linkedin.com/

Postini has already updated definitions once today at lunchtime and appears to be working on another update currently. In the meantime, we have removed LinkedIn from your domain's approved sender list to give the filters a chance to catch the current outbreak. Postini refers to spam events like this as spam "Storms" and we are asking everyone to be extra vigilant.

Because of the changes we made, please pay extra attention to your Quarantine notification for the next day or so if you routinely receive legitimate emails from LinkedIn.

If you have clicked on the links in one of these suspect emails, please send a note to firstname.lastname@example.org and we will follow up with you.

A big thank you to those of you who noticed and alerted us to the issue.

Thank you for your cooperation and patience.

The Prospera Service Team

LinkedIn Email Scam Deposits Banking Trojan
by PC Magazine
By Sara Yin
[http://securitywatch.pcmag.com/security/295538-linkedin-email-scam-deposits-banking-trojan]

Don't be too quick to make that connection! GFI Labs recently discovered a LinkedIn email phishing scam that installs the Cridex banking Trojan.

The fake LinkedIn email looks like an authentic email reminder about pending invitations.

The phishing scam shares the same IP address (22.214.171.124) as several recent BBB and Intuit spam runs.

"If in doubt, go directly to LinkedIn and check your invites from there," writes GFI's Chris Boyd.

The Cridex bot (Symantec), aka Cardep (Microsoft, Avast) or Dapato (Ikarus, Emsisoft, Kaspersky), was discovered in the wild in August 2011. It spreads through emailed or shared attachments. Once installed, the Trojan connects to a remote command and control (C&C) server. Then it injects itself into your Internet Explorer process, where it steals online banking credentials, email accounts, cookies, and FTP credentials, and sends them back to the C&C server.