Friday, October 8, 2010

LinkedIn Email Attack "Largest Ever" => 25% Of Worldwide Spam That Week

"An email attack targeting users of the LinkedIn social networking service this week was so active that it accounted for nearly one-quarter of all spam email sent at one point, a malware expert says.

Disguised as an invitation from someone to connect with him or her on LinkedIn, the spam is actually a phishing, or identity theft attack, “widely used by criminals to pilfer commercial bank accounts,” said Henry Stern, a senior security researcher with Cisco Systems, in a blog posting.

“This is the largest such attack known to date,” he noted.

Clicking a link in the email takes the victim to a web page that says “Please waiting … 4 seconds” during which time Zeus, a malevolent Trojan horse software program, downloads and embeds itself in the victim’s web browser.

Once embedded, it logs a victim’s keystrokes and “captures personal information, such as online banking credentials,” Stern said." - Email attack targeting LinkedIn users termed ‘largest ever’


Last week a major attack occurred. You should know about it and learn from it. Learn how to identify spam and phishing attacks.

I would recommend that even if you can't read all the articles i am linking to in one sitting, that over the next week you return and read them all. In the digital world we live in, this is as important as any security primer you will read.

Even if you manage to get things sorted out after your bank account is cleaned out by operators like these people, you will still be out a lot of money. Can you live without the contents of your bank account?

Be safe.

On a personal note, as I was poking about for a graphic for this story on google images, I clicked on an image that looked likely and my anti-virus blocked two intrusion attempts on my computer from clicking on the image and beginning to load the page the image was on. It is a hostile internet out there. Be as careful as you would be taking a nighttime walk in the Congo...


This article has a good description of how to analyse an email of this variety:

Dave Hatter blog - WARNING! Phishing attack disguised as LinkedIn invitations & LinkedIn messages is underway!


PC World - Warning: Fake LinkedIn Spam Can Steal Your Bank Passwords;
Bogus LinkedIn emails can infect your computer with ZeuS, a password-stealing Trojan. I know, because it just happened to me.


"Computer users can protect against attacks by not clicking on links in e-mails and instead typing "," for instance, into a browser. Firefox users can install the NoScript plug-in to block JavaScript.

In addition to keeping antivirus and other security software up to date, computer users should also "make sure all Web browser-related software, especially Adobe Reader, Flash, and Java, have the latest security updates," Stern said."

CNET - Fake LinkedIn e-mails lead to Zeus Trojan


InformationWeek - LinkedIn Attack Spreads Zeus Financial Malware


The National Business Review - Faked LinkedIn email targets bank account details


"This particular Zeus variant monitors browser entries for online bank account credentials.

"This strongly suggests that the criminals and individuals behind this most recent attack are most interested in employees with access to financial systems and online commercial bank accounts than anything else," said a Cisco statement."

Technology Digital - Virus-affected LinkedIn; Cisco Systems announced that LinkedIn is currently being used as the ultimate bait for email spam campaign


Forbes - Cisco Security Analyst Gives Countermeasures Update on LinkedIn Malware Attack

No comments:

Post a Comment