The web security researcher David Sopas has disclosed a vulnerability on LinkedIn. The vulnerability allowed cyber criminals to use the LinkedIn environment as a trojan downloader, meaning that they could trick unsuspecting internet users into downloading malicious files from the LinkedIn environment.
The researcher has disclosed the vulnerability as a “LinkedIn Reflected Filename Download” and has explained the attack step by step on his website.
David Sopas published the following plausible attack scenario:
- Malicious user sends link to victim like he would with a CSRF or an XSS (phishing campaigns, social networks, instant messengers, posts, etc.)
- Victim clicks the link and, trusting where it came from (LinkedIn), he downloads it
- Victim runs the file and his computer is hijacked
More detailed explanation by David Sopas about the possible attack:
A malicious user could even give more credibility to the HTML5 download site if he uses famous open redirection vulnerabilities on trusted sites like open redirects on Google or even on LinkedIn.
To the victim, the entire process looks like a file is offered for download from LinkedIn's original site and it would not raise any suspicion. A malicious user could gain complete control over a victim's computer system and launch malicious files that appear to originate from a trusted party.
He ends his blog post by stating the following:
Malicious users are always searching for better ways of gaining trust of victims. This could be the right online weapon.
The vulnerability has already been fixed by LinkedIn.