
A friend of mine's Skype was "infected" with a bot that sends links to its friends. The link points to LinkedIn, but as soon as you make a GET request, it redirects you to an advertising page. This is the link it sent: https://linkedin.com/slink?code=er_a7nN#60097=user_im. Open it in a virtual machine just in case.

What is strange about it is that they use a foreign domain (namely linkedin.com) to trigger the redirect to the ad. How is this even possible? I tried inspecting the HTTP response message to see what they did, but since the response has a 301 status code, no entity body is being sent.

Anders
sanjihan


They are abusing the script https://linkedin.com/slink, which is an "open redirect". When someone posts a link on LinkedIn, the website automatically converts it to a URL which uses the slink script with a unique code for that URL. When a user clicks on that link, the script forwards the user to the actual URL. The purpose of that layer of indirection is that it allows LinkedIn to analyze which users click on which links posted on their service.

The owner of that spam website sent a link to their spam website to themselves on LinkedIn to get LinkedIn to create a slink URL for it. They likely did that to mask the actual destination of the link.

Philipp
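The question noted that a 301 carries no entity body to inspect; the destination is in the `Location` header, and the forwarder's nature shows up when the chain ends on a different host than it started on. The following is an added example, not code from the question or the answer above: a small resolver that reads each hop's `Location` header without letting the client follow it, then reports whether the starting host only served as a forwarder. `live_fetch` does a real HEAD request; `sample_fetch` and the `example.test` hostnames in the table are constructed so the example runs offline.

```python
"""Added example (not from the question or answer above): follow a
redirect chain by reading each hop's Location header instead of the
empty 301 body, and flag chains that end on a different host than
they started on. Hostnames in SAMPLE_RESPONSES are constructed."""
from urllib.error import HTTPError
from urllib.parse import urljoin, urlsplit
import urllib.request

REDIRECT_CODES = {301, 302, 303, 307, 308}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so each hop can be inspected."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def live_fetch(url, timeout=10):
    """Return (status, Location header or None) for one HEAD request.

    Only the status line and headers matter here: a redirect response
    carries no useful body, which is why there was nothing to read.
    """
    opener = urllib.request.build_opener(_NoRedirect())
    req = urllib.request.Request(url, method="HEAD")
    try:
        with opener.open(req, timeout=timeout) as resp:
            return resp.status, resp.headers.get("Location")
    except HTTPError as err:
        # With redirects disabled, urllib raises HTTPError for 3xx responses.
        return err.code, err.headers.get("Location")


def resolve_chain(url, fetch=live_fetch, max_hops=10):
    """Return the list of URLs visited, starting at url and ending at the
    first non-redirect response. Relative Location values are resolved
    against the hop that sent them, as a browser would do."""
    hops = [url]
    for _ in range(max_hops):
        status, location = fetch(hops[-1])
        if status not in REDIRECT_CODES or not location:
            return hops
        hops.append(urljoin(hops[-1], location))
    raise RuntimeError(f"more than {max_hops} redirects starting at {url}")


def leaves_origin_host(hops):
    """True if the chain ends on a different host than it started on,
    i.e. the first URL only acted as a forwarder."""
    first = (urlsplit(hops[0]).hostname or "").lower()
    last = (urlsplit(hops[-1]).hostname or "").lower()
    return first != last


# Constructed offline stand-in for live_fetch: a forwarder on one host
# sending visitors to a landing page on another, as in the question.
SAMPLE_RESPONSES = {
    "https://forwarder.example.test/slink?code=abc123": (301, "https://ads.example.test/landing"),
    "https://ads.example.test/landing": (302, "/final"),
    "https://ads.example.test/final": (200, None),
}


def sample_fetch(url):
    """Look up a constructed response instead of touching the network."""
    return SAMPLE_RESPONSES.get(url, (404, None))


if __name__ == "__main__":
    chain = resolve_chain("https://forwarder.example.test/slink?code=abc123", fetch=sample_fetch)
    print(" -> ".join(chain))
    print("forwarder to another host:", leaves_origin_host(chain))
```

Against a real URL, call `resolve_chain(url)` with the default `live_fetch`; the hop list is what a browser would have walked, obtained without rendering any of the pages. The `max_hops` cap stops redirect loops from running forever.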