Global security firm Cisco has warned LinkedIn users about a harmful spam attack designed to trick users into opening a link that will infect their computers with malicious software designed to steal private information.
Anthony Edwards, technical support manager at TrendMicro Australia, says LinkedIn users need to be extremely wary of opening any friend requests from users they don’t recognise. He says the “ZeuS” botnet, referenced by Cisco, is particularly dangerous.
“The ZeuS botnet, generally speaking, tries to fly under the radar and attempts to infect as many PCs as possible and then report back to a commanding control centre.”
“Users should definitely not trust any emails that are coming from an untrusted source, for a start. I’m not familiar with the actual attack mechanism, but generally if it’s spam then it may or may not be sent from people you know. If it’s sent from people you don’t know, don’t open it.”
The Cisco warning states that the attack is the largest of its kind, and targets users of LinkedIn directly. Users are sent an email, which includes a link to a page that says, “PLEASE WAITING… 4 SECONDS” and then sends them to Google.
During that time, the user’s computer is infected with the ZeuS data-theft malware program. Personal information, including passwords and banking credentials, is then stolen.
LinkedIn said in a statement it is aware of the issue, and its customer support team is speaking with users who have contacted the company. It says users should look on the company’s site for information on how to protect their privacy and security.
“The fraudulent emails were not sent out by LinkedIn or anyone associated with the company and like any SPAM/Phishing emails, people are advised not to open suspicious attachments or click on any links within the email. LinkedIn has always advised members to connect with people who they know and can trust.”
Edwards says it is extremely important that everyone using LinkedIn, or any other type of social network, use anti-virus protection and update it regularly.
“Users should definitely be using antivirus protection, and it should be updated. If you do happen to download the link accidentally, hopefully the antivirus software will block the actual malware from occurring.”
Cisco said in its official blog post the company was alerted to the attack this morning. These particular messages accounted for as much as 24% of all spam sent within a 15-minute interval and businesses need to know how to protect themselves.
“Organisations should encourage individuals to delete such requests, especially if they do not know the name of the contact.”
“This is the second spam attack this month of this magnitude, preceded by the “Here You Have” email worm a few weeks ago. Cisco expects to see more spam messages containing malware sent to organisations in an attempt to collect personal information.”
The company says the attack is unique, pointing to the combination of a high volume of messages sent, the specific target of business users and the use of malware.
“This strongly suggests that the criminals behind this attack are most interested in employees with access to financial systems and online commercial bank accounts. According to the FBI’s Internet Crime Complaints Centre, criminals stole more than $US100 million in 2009 from commercial bank accounts using this and similar methods.”