Linked In Message – Virus

Social networking spam and virus messages are currently second only to online pharmacy spam, with the latest campaigns spoofing Linked In notification emails.

Most are arriving with one of two subject lines:

Subject:   LinkedIn Messages
Subject:   Join my network on LinkedIn

The message bodies are fairly accurate spoofs of genuine LinkedIn communications, for example:

Linked In Messages - Virus

In the above example the message even contains a false statement:

There are a total of 3 messages awaiting your response

This is a nice touch of authenticity, especially since some recipients will no doubt actually have 3 messages awaiting a response.

Another common example:

Join My Network on Linked In - Virus

In every case so far, the links in these messages have been altered to send the recipient to malicious sites that attempt to drop malware onto the visitor’s computer.

As an extra counter-measure against spam filtering, the senders have injected forged headers into the emails to make them appear to originate from legitimate LinkedIn servers. For example:

* [0]: ‘from [109.74.164.126] (helo=109-74-164-126.k-telecom.org) by MailFilter1.onlymyemail.com with esmtp (Exim 4.67) (envelope-from <chopperingm7@rlarson.com>) id 1OkE0u-0008RF-Gi for affiliate@onlymyemail.com; Sat, 14 Aug 2010 06:30:58 -0400’

* [1]: ‘from mail14-d-ai.linkedin.com (mail14-d-ai.linkedin.com [208.111.169.155]) by mx1.bayarea.net with ESMTP id j12nx1092949zpy.340.2010.08.13.02.56.66; Sat, 14 Aug 2010 14:30:53 +0300’

The [0] header records the actual sending machine: an infected personal computer on a broadband network, operating as part of a zombie botnet.

The [1] header is entirely fake. It was inserted by the virus simply to make the message appear to originate from a legitimate LinkedIn server, and the IP address it names even resolves correctly in reverse DNS.

How effective this technique is we can’t say, but it must help evade many spam filters and increase delivery rates to some extent, otherwise the spammers wouldn’t bother.
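As an added example (not part of the original post), the following Python script walks the Received chain of a message constructed from the two headers quoted above (the From and Subject lines and the body are placeholders) and reports where the forged hop fails to link to the hop our own MX actually recorded, and where the forged timestamp runs backwards.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed raw message: the two Received headers are those quoted in the post, the rest is placeholder.
RAW_MESSAGE = """\
Received: from [109.74.164.126] (helo=109-74-164-126.k-telecom.org) by MailFilter1.onlymyemail.com with esmtp (Exim 4.67) (envelope-from <chopperingm7@rlarson.com>) id 1OkE0u-0008RF-Gi for affiliate@onlymyemail.com; Sat, 14 Aug 2010 06:30:58 -0400
Received: from mail14-d-ai.linkedin.com (mail14-d-ai.linkedin.com [208.111.169.155]) by mx1.bayarea.net with ESMTP id j12nx1092949zpy.340.2010.08.13.02.56.66; Sat, 14 Aug 2010 14:30:53 +0300
From: LinkedIn <messages-noreply@linkedin.com>
Subject: LinkedIn Messages

placeholder body
"""

FROM_RE = re.compile(r"\bfrom\s+(\S+)(?:\s+\(([^)]*)\))?", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def parse_received(value):
    """Extract the 'from' identities, the 'by' host and the timestamp of one Received header."""
    clause, _, date = value.rpartition(";")
    m_from, m_by = FROM_RE.search(clause), BY_RE.search(clause)
    names = set()
    if m_from:
        names.add(m_from.group(1).strip("[]").lower())
        for tok in re.split(r"[\s=]+", m_from.group(2) or ""):  # HELO name, rDNS name, IP
            if "." in tok:
                names.add(tok.strip("[]").lower())
    ip = IP_RE.search(clause)
    return {"from_names": names,
            "from_ip": ip.group(1) if ip else None,
            "by": m_by.group(1).lower() if m_by else None,
            "when": parsedate_to_datetime(date.strip()) if date.strip() else None}

def analyse(raw):
    """Walk Received headers top-down (newest hop first); only hops[0], written by our own MX, is trusted."""
    hops = [parse_received(v) for v in email.message_from_string(raw).get_all("Received", [])]
    findings = []
    for i in range(len(hops) - 1):
        outer, inner = hops[i], hops[i + 1]  # inner claims to be the hop just before outer
        # a genuine hand-off: the host that wrote 'outer' received from the host named 'by' in 'inner'
        if inner["by"] not in outer["from_names"]:
            findings.append(f"chain break: hop {i} came from {outer['from_ip']}, "
                            f"but hop {i + 1} claims delivery by {inner['by']}")
        if inner["when"] is not None and outer["when"] is not None and inner["when"] > outer["when"]:
            findings.append(f"time reversal: hop {i + 1} is stamped later than hop {i}")
    return hops, findings
```

Only the header added by your own MX (hops[0]) is evidence; everything beneath it was supplied by the sender and is exactly where the forged LinkedIn hop appears.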

- -

OnlyMyEmail is an award-winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record-setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.