Criminals are using bogus LinkedIn invite e-mails to trick people into clicking on links that lead to the Zeus data-stealing Trojan, a researcher warned today. The malware targets Windows users.
Researchers saw tens of billions of messages related to the attack yesterday, Henry Stern, a senior security researcher at Cisco Systems, told CNET. “There have been some bursts today, but nothing like yesterday,” he said. “The botnet responsible for this is still in operation and it’s just doing something else right now.”
While this attack appears to be abating, people should be wary of any new campaigns that use similar methods.
“This attack is particularly interesting because of its size,” Stern said. “It’s one of the largest viral campaigns we’ve seen, and one of the largest that mimics a social network.”
In this attack, the e-mails looked like legitimate LinkedIn invites with a Web link for confirming a contact. However, the link doesn’t lead to LinkedIn; it redirects to a Web page and displays a message saying “Please waiting …. 4 seconds” before then redirecting to Google.
Fake LinkedIn e-mails lead to Zeus Trojan | InSecurity Complex – CNET News.
Cisco has more information about the attack on its blog.
Theft of vital information has become big business. Sometimes it seems that no matter where you go on the internet, something bad may be waiting around the corner.
This is another good example of how important it is to secure your systems and keep your computer security software updated.
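The lure described above, a LinkedIn-styled invite whose confirmation link does not lead to LinkedIn, can be checked for mechanically at a mail gateway or in triage. The following Python sketch is an added example, not code from CNET or Cisco; the sample messages, the sender address and the host `www.linkedin.com.example.net` are constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "linkedin.com"  # domain the invite claims to come from

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def is_brand_host(host):
    # Exact domain or a true subdomain; "linkedin.com.example.net" fails.
    host = (host or "").lower().rstrip(".")
    return host == BRAND or host.endswith("." + BRAND)

def off_brand_links(raw_message):
    """Hosts linked from a LinkedIn-styled message that are not LinkedIn."""
    msg = message_from_string(raw_message)
    claimed = (msg.get("From", "") + " " + msg.get("Subject", "")).lower()
    if "linkedin" not in claimed:
        return []  # message does not present itself as LinkedIn
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True)
            collector.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = []
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme in ("http", "https") and not is_brand_host(url.hostname):
            hosts.append(url.hostname)
    return hosts

# Constructed sample messages; example.net is a reserved documentation domain.
HEADERS = ("From: LinkedIn <invitations@linkedin.com>\n"
           "Subject: LinkedIn invitation\n"
           'Content-Type: text/html; charset="utf-8"\n\n')
FAKE = HEADERS + '<a href="http://www.linkedin.com.example.net/confirm">Confirm</a>\n'
REAL = HEADERS + '<a href="https://www.linkedin.com/confirm">Confirm</a>\n'

if __name__ == "__main__":
    print(off_brand_links(FAKE), off_brand_links(REAL))
```

The suffix comparison matters here: a plain substring test for "linkedin.com" would accept the look-alike host in the constructed fake.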