By Dancho Danchev
Over the past 24 hours, cybercriminals launched the most recent spam campaign impersonating LinkedIn, in an attempt to trick LinkedIn’s users into clicking on the client-side exploits and malware serving links found in the emails.
Screenshot of the spamvertised email:
Spamvertised URL: hxxp://glqzc.com/linkzane.html
Client-side exploits serving URL: hxxp://headtoheadblaster.org/main.php?page=f6857febef53e332
Client-side exploits served: CVE-2010-1885
Upon successful client-side exploitation, the campaign drops MD5: 6c59e90d9c3931c900cfd2672f64aec3 currently detected by 4 out of 41 antivirus scanners as PWS-Zbot.gen.ajm; W32/Kryptik.BRK.
Webroot SecureAnywhere users are proactively protected from this threat.