14 DAY TRIAL // Phony LinkedIn notifications or reminders are not new, but security experts have found that they are still making the rounds, pointing users to compromised websites that host malware.
Commtouch Café researchers reveal that there are so many fake invitations, and that they’re so cleverly designed, that security-conscious users may even start treating legitimate messages as being part of a malicious campaign.
The compromised site involved in this particular scheme is the one of a Brazilian company that offers ornamental plants. However, the site itself is not as important as the piece of malware that’s hosted on it.
While the links may differ from one email to the other, the malevolent element that does the work is almost always designed to probe for security holes in Adobe, Microsoft or Oracle products.
In this scenario, the malicious scripts look for flaws in Adobe Reader, Adobe Acrobat, and Microsoft Windows Help and Support Center (Windows XP).
Users who ensure that these components, along with the antivirus solution, are always kept up to date, should be safe.