The latest mass attack to hit my inbox has been a deluge of fake LinkedIn notifications. Coming in the guise of a new message from one of your LinkedIn contacts, it’s actually an attempt to infect your system with a trojan, which will probably let “the bad guys” steal your passwords or take remote control of your system and add it to their ever-growing botnets.
Now, I don’t have a LinkedIn account, though I do get the occasional “real” e-mail from them with an invitation to join from someone I know. But, even if I did have an account, I would like to think that, upon opening my e-mail in the morning and finding 217 identical messages from overnight, red flags would be going up for just about anyone.
So, what’s the payload?
There’s no need to actually click the “install now” button, as simply visiting the web page with the above image will cause your browser to start the download. (Hopefully, your browser will tell you it’s about to download a file, and ask permission.)
AVG identifies the file as containing “Trojan horse PSW.Generic8 WDK”.
If you do visit a web site that claims that you need to update your Flash player, the safest way to do so would be to visit the Adobe website directly, and download it yourself. (Even if it’s a legitimate website, I’ve heard of cases where the ads displayed on the site have been compromised. Make sure that any “out of date” notification isn’t from an advertisement.) Or, use Mozilla’s plugin check webpage to keep all of your plugins up-to-date.