Thursday 14 March 2013

LinkedIn spam / teenlocal.net

This fake LinkedIn spam leads to malware on teenlocal.net:

From: messages-noreply@bounce.linkedin.com [mailto:messages-noreply@bounce.linkedin.com] On Behalf Of LinkedIn
Sent: 14 March 2013 16:32
Subject: Frank and Len have endorsed you!

Congratulations! Your connections Frank Garcia and Len Rosenthal have endorsed you for the following skills and expertise:
   
    Program Management
    Strategic Planning

Continue



You are receiving Endorsements emails. Unsubscribe.

This email was intended for Paul Stevens (Chief Financial Officer, Vice President and General Manager, Aerospace/Defense, Pacific Consolidated Industries). Learn why we included this. 2013, LinkedIn Corporation. 2029 Stierlin Ct. Mountain View, CA 94043, USA

The malicious payload is at [donotclick]teenlocal.net/kill/force-vision.php (report here) hosted on:

24.111.157.113 (Midcontinent Media, US)
58.26.233.175 (Telekom Malaysia, Malaysia)
155.239.247.247 (Centurion Telkom, South Africa)

Blocklist:

2 comments:

Wills Family said...

So what do I do if I clicked on a link from the fake LinkedIn email? I'm on a MacBook Pro running the latest iOS.

Conrad Longmore said...

@Wills Family, the exploit kit in question is mostly associated with Windows PCs, but Macs may be vulnerable. If you haven't got an anti-virus application installed, I recommend you have a look at the free Sophos scanner (http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx) just to check. I think you would be mostly at risk if you still have Java installed on the machine.