Phishing-Botnet Attack is back to LinkedIn

Posted by BlackPiano on

It seems that an old/new phishing/botnet attack is back to LinkedIn.

In the last period LinkedIn users got messages from an phishing scam (attacker) which sent an e-mail messages on behalf of LinkedIn system and redirected users to the following domains that appears to be a compromised sites with a normally benign intent:

hxxp://ilcindia.org/wp-content/uploads/wps.php?c002

hxxp://www.rfszkki.sulinet.hu/wps.php?c002

hxxp://www.rezagroup.net/templates/beez/wps.php?c002

linkedin

The second location “kumapanda.com” is hosting BlackHole exploit kits and ZeroAccess malware. This domain is currently pointed to:

“ghettoradio.nl” – another site with the same exploits and malware.

and many others includes:

grhterceirizacoes.com.br

So just another reminder :-)

Don’t click every message’s link you got from your social networks,

or at least don’t accept fake users to your contact list.

One Response to Phishing-Botnet Attack is back to LinkedIn

  1. Today 22.03.2013 , I was trapped into this.
    SITE: eveningwiththeeditors.com
    URI:
    /wp-content/plugins/wp-plugin-repo-stats/wps.php?c002

    What does the Malware try to do?

    My Firefox opened and told me to install FLASH plugin, which I aborted.
    Did that stop the process?
    Anyway – I pushed the recovery button on my laptop.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s