The spam campaign began Monday morning, according to security experts at networking giant Cisco Systems, and for a while the fake LinkedIn invitations accounted for as much as 24 percent of all spam. Recipients who click links in the message are taken to a Web page that reads, “Please Waiting, 4 seconds,” and then sent on to Google.com.
On the way to Google, however, the victim’s browser is silently passed through a site equipped with what appears to be the SEO Exploit Pack, a commercial crimeware kit that tries to exploit more than a dozen browser vulnerabilities in an attempt to install ZeuS.
Go to the KrebsOnSecurity site for more information.
Don't respond to LinkedIn invitations from anyone you don't know. Better yet, log in to LinkedIn directly if you get any invitations.
Spam will never be stopped until email is authenticated. With DNSSEC deployment underway it is only a matter of time, but we have a long way to go today.