Healthy Passwords



Fake Linked In Invitations Lead to Malware

Date: 2011-06-02 17:54:12

Trusteer, a leading security firm, released a warning for Spear-Phishing email attacks disguised as linked in invitations.

The fake email invitation is nearly identical to the real email invitation.

Fake Invitation
Fak LinkedIn Invitation

Real Invitation
Real LinkedIn Invitation

If you click on the fake invitation you are directed to a malware site trying to look like salesforce.com. The url they send you to is salesforceappi.com. If you visit this site, there is a very good chance you will get infected.

If you've recently accepted a linked in invitation, look at your browser history to see if you can find salesforceappi in the history. If you find this URL in your history, you need to get your computer cleaned. That may take some time, and even a visit to a local professional, so in the meantime do the following:

  1. Print your browser history in chronological order from the time of visiting salsforceappi.

  2. If you don't already have a live CD, download and create one. See http://www.healthypasswords.com/LiveDistroList.html

  3. Boot from your live CD and start going down the list of sites you visited after salsforceappi. Pick the highest risk sites first and start changing passwords. While doing this, check balances.

  4. Go to any online email accounts and change your password. Be sure to check forwarding, POP, and IMAP settings while there. See How to See if Somone is Using Your GMail

  5. If you use your computer for business, contact your employer's IT or Loss Prevention department and explain the situation. If you have access to financial accounts, be sure they take action and change passwords accordingly.

  6. Until the computer is cleaned or re-installed, don't be tempted to use your computer without the Live CD. The malware installed by this site is particularly hard to remove, and most likely includes a keylogger. If you're computer is running windows Vista or XP, consider this a good opportunity to do a clean install of Windows 7 and maybe even just upgrading to a new hard-drive.

  7. If your employers IT department or your local computer professional thinks you are over-reacting, refer them to this Trusteer communication http://www.trusteer.com/blog/linkedin-spam-emails-download-malware

Category: Malware

Subcategory: Website

blog comments powered by Disqus
McAfee SECURE sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams

 Subscribe in a reader




Home | Live CD Listing | Password Worksheet | Third Party Ratings | Purchase | Errata | Contact | News | News Archive | Legal

Copyright © 2011, Sustainable Alternatives, LLC | Ligonier, PA 15658 | 724-238-9560 | All Rights Reserved.

 Sustainable Alternatives, LLC BBB Business Review