Trojan Sneaks into LinkedIn Spam Attachments
Malware is starting to take advantage of LinkedIn’s popularity, with bogus e-mails purporting to come from the professional social network. Some of the scams that have become antiquated on Facebook are now spreading on LinkedIn, luring users into installing malicious attachments on their computers.
The Trojan that arrives with these LinkedIn spam messages injects an invisible iframe into a webpage and then redirects the user to a randomly generated domain. Because it poses as a legitimate attachment from LinkedIn, the malware can go unnoticed while it compromises the system through exploits.
One of the most widespread LinkedIn spam campaigns infecting computers these days is the HP ScanJet scam. The trick is already a relic in the spam world, but this time it abuses LinkedIn as a way to attract users from a professional environment.
Users receive e-mails with subjects such as “Scan from a Hewlett-Packard ScanJet” or “Scan from a HP ScanJet” that apparently come from LinkedIn.com. If they click on the attached document, they can end up downloading malware.
Another trick spammers are testing these days is a LinkedIn invitation reminder allegedly from a Buddhist community.
When they are asked to connect with someone, users should first check the LinkedIn activity of the account, as well as the contacts that may have led to the new invitation. This may show whether the account belongs to a spam botnet or is a legitimate contact they might want to add.
Wire Transfer Campaign
The wire transfer scheme is also spammed out widely, but with lower chances of luring its LinkedIn victims, because the scam itself is nothing new and there’s a big discrepancy between the subject line and the e-mail content.
Here are some variations of wire transfer spam pretending to come from LinkedIn:
Re: Fwd: Wire Transfer (74324SL891) — Angeline Joseph via LinkedIn <email@example.com>
Fwd: Re: Wire Transfer Confirmation (FED REFERENCE 6335HG018) — LinkedIn <firstname.lastname@example.org>
Re: Fwd: Wire Transfer Confirmation — Ebonie Flanagan via LinkedIn <email@example.com>
With people still on alert after the recent LinkedIn breach, the success of the wire transfer masquerade is questionable. Still, users should be aware of the new spam avalanche hitting their inboxes, avoid opening unknown attachments, and keep their internet security software updated.
At the beginning of June, over 6.5 million LinkedIn password hashes were snatched and released on underground Russian forums. The investigation is still ongoing.
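A mail-triage check built from the subject lines quoted above, as an added example that is not code from Bitdefender or LinkedIn. The `triage` and `sample` helpers, the reason labels, the placeholder addresses and the two heuristics marked in the comments are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Subject lures quoted in the article (ScanJet and wire transfer campaigns).
LURES = {
    "scanjet": re.compile(r"scan from an? (hewlett-packard|hp) scanjet", re.I),
    "wire-transfer": re.compile(r"wire transfer", re.I),
}
REPLY_PREFIX = re.compile(r"^\s*(re|fwd?)\s*:", re.I)

def triage(raw):
    """Return the reasons a raw message resembles the campaigns above."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    subject = str(msg.get("Subject", ""))
    if "linkedin" not in (display + addr).lower():
        return []  # sender does not claim to be LinkedIn
    reasons = [f"lure:{name}" for name, rx in LURES.items() if rx.search(subject)]
    # Assumption: genuine LinkedIn notifications carry no file attachments.
    if list(msg.iter_attachments()):
        reasons.append("attachment")
    # Added heuristic: a "Re:"/"Fwd:" subject with no threading headers
    # was never part of a real conversation.
    if REPLY_PREFIX.match(subject) and not (msg["In-Reply-To"] or msg["References"]):
        reasons.append("fake-reply")
    return reasons

def sample(sender, subject, attach=False):
    """Build a constructed test message; all addresses are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.net", subject
    m.set_content("See attached.")
    if attach:
        m.add_attachment(b"constructed bytes", maintype="application",
                         subtype="octet-stream", filename="scan.zip")
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("Angeline Joseph via LinkedIn <sender@example.com>",
                        "Re: Fwd: Wire Transfer (74324SL891)", attach=True)))
```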
This article is based on the technical information provided courtesy of Ionut Raileanu, Bitdefender Spam Analyst, and Razvan Benchea, Bitdefender Malware Researcher.