
Thursday Threat Report: LinkedIn compromised, CryptoLocker evolves into a shapeshifting worm and Yahoo ads infected with malware

Welcome to ITProPortal's Thursday Threat Report, where we round up the three greatest security threats facing Internet users, smooth-running enterprise, and occasionally even the survival of the world as we know it. Hold onto your hats - things are about to get scary.


With its stringent security policies and strong privacy settings, LinkedIn might seem like a secure haven for your data, where only your trusted contacts can get to it – but don't be so sure.

In fact, LinkedIn this week filed a lawsuit against scammers who created thousands of fake profiles in order to scrape data about existing LinkedIn members, in violation of the social network's policies. If some have managed it, it's safe to say that this technique will be widespread before long. As a result, any sensitive information such as your phone number, private email address or company data should be considered insecure at best. Users should make sure that none of the information they store on LinkedIn could be used to perpetrate identity fraud, or to facilitate a social engineering attack against their business.

The worm turns

Remember CryptoLocker? This digital nasty spent the last few months of 2013 running amok through the computer systems of users and businesses, encrypting files and charging computer owners a ransom to get the key. Security researchers have now discovered that the criminals behind CryptoLocker appear to have modified the ransomware from a Trojan into a USB-spreading worm. The new version of the malware pretends to be an activator for software such as Adobe Photoshop and Microsoft Office on peer-to-peer (P2P) file sharing sites.

"Make sure that you follow safe computing practices and are careful about what you run on your computers, and don't forget to keep your anti-virus updated and your wits about you," said Graham Cluley, a security researcher involved.


Thousands of users who visited Yahoo's Web site over the past week were infected with malware, researchers have found. The malware was delivered via malicious advertisements that appeared on the site.

Yahoo confirmed the infection, but said it has already been removed.

Attackers had inserted malvertisements, or malicious advertisements, into the servers used by, Fox-IT, a Dutch security firm, wrote in a blog post. These ads redirected users to a page hosting the "Magnitude" exploit kit, which targets various Java vulnerabilities. The exploit kit installed "a host of different malware" on to vulnerable computers, such as the Zeus Trojan, Andromeda, Dorkbot/Ngrbot, ad-clicking malware, Tinba/Zusy and Necurs, Fox-IT said.

"At Yahoo, we take the safety and privacy of our users seriously," the company said in an email. "On Friday, January 3 on our European sites, we served some advertisements that did not meet our editorial guidelines, specifically they spread malware."

"We promptly removed these advertisements. Users in North America, Asia Pacific and Latin America were not served these advertisements and were not affected. Additionally, users using Macs and mobile devices were not affected."

Paul Cooper

Paul has worked as an archivist, editor and journalist, and has a PhD in the cultural and literary significance of ruins. His writing has appeared in the New York Times, The BBC, The Atlantic, National Geographic, and Discover Magazine, and he was previously Staff Writer and Journalist at ITProPortal.