According to CNET, criminals are using fake LinkedIn invite email to scam people into clicking links that lead to the Zeus botnet. The scam targets Windows users only and may be the first time the Zeus botnet has targeted LinkedIn users.

According to CNET, “Researchers saw tens of billions of messages related to the attack yesterday, Henry Stern, a senior security researcher at Cisco Systems, told CNET. “There have been some bursts today, but nothing like yesterday,” he said. “The botnet responsible for this is still in operation and it’s just doing something else right now.”

Fake LinkedIn email links to the Zeus botnet.

WTF. You’d think after the humiliation and financial risks caused by social sharing site Blippy.com that we reported earlier this week, they would have either fixed it right, or shut the service down until they were certain everything was secure. But as reported on Blippy’s own blog, another four credit card numbers showed up in Google search results yesterday.

Possibly more disturbing is that Blippy is claiming only four individuals’ accounts showed up altogether, whereas other reputable sites like Mashable are reporting the number is closer to 200.

Hundreds of credit cards exposed.

UPDATE: Blippy responds in their blog.

As reported by Mashable today Blippy, the online “service” that allows you to see what others have purchased and share your purchases, had an embarrassing and potentially dangerous security issue today. According to Mashable:

“Tipster Trey Copeland wrote to us with a link to results for the search: site:blippy.com +”from card”. That search returns results showing detailed purchase information for transactions. Each result highlights that there was a “debit card transaction” or “card transaction,” the amount spent, the specific location (address included) and the full card number.”

Mashable included a screenshot of Google’s search results, which show a number of compromised credit card numbers exposed. Don’t bother trying that search query: you’ll get an error message from Google instead.

The social media team I run at C-E has long speculated that this would happen. We couldn’t imagine why on earth anyone would share their purchases and trust all their credit card numbers to a social site that doesn’t sell anything.

TIP: As we warned a few weeks ago, there’s no reason to join Blippy. You do not ever need to share your purchases. It makes you a target. If you are a member, take immediate action to remove your financial information.

A generous nod to Gary Olson for the story.

Please and thank you?  Microsoft has had some serious security issues over the years but recently there have been several problems that are so severe that they’ve had to release a fix outside of their normal schedule.  This is a pretty radical step since this causes companies (not to mention the rest of us) to spend time and resources that we hadn’t planned for.  Today, Microsoft released another out of cycle patch for Internet Explorer.  There have been a growing number of attacks that are exploiting this vulnerability.  I would recommend that you update with this patch as soon as possible so you can get back to Dave’s great series on scam spotting

Esteemed military bank, USAA was recently targeted by an email phishing scam. Thankfully, USAA has an incredible security team, who discovered it and warned their members before anything happened. Details of the email can be found on their site.