Posted by: Ken Harthun
Cybercrime, LinkedIn, spam, Zeus Trojan
On Monday, some members of the business social network LinkedIn were emailed LinkedIn Alert messages with a link that masqueraded as a contact request. It was the largest such attack known to date. Cisco reports in a blog post:
Clicking the link takes victims to a web page that says, “PLEASE WAITING…. 4 SECONDS,” and redirects them to Google. During those four seconds, the victim’s PC is infected with the ZeuS data-theft malware via a drive-by download.
It is thought that the attackers were targeting business users likely to have financial responsibility, in order to gain access to funds in bank accounts. In case you’re not familiar with what Zeus does, here’s info from Wikipedia:
Zeus (also known as Zbot, PRG, Wsnpoem, Gorhax and Kneber) is a Trojan horse that steals banking information by keystroke logging. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009, security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster, ABC, Oracle, Cisco, Amazon, and BusinessWeek.
It is still active in 2010. On July 14, 2010, security firm Trusteer filed a report which says that the credit cards of more than 15 unnamed US banks have been compromised. A recent outbreak is being called Kneber.
Better be careful and delete any suspicious items if you are a LinkedIn member.