Malicious spam attack targets LinkedIn users


Malicious spam attack targets LinkedIn users

Warwick Ashford

Business networking service LinkedIn has been targeted by a malicious spam attack aimed at stealing personal information from people in business.

Cybercriminals began a concerted spam e-mail attack against LinkedIn members yesterday at 11h00 UK time, according to security researchers at Cisco.

The spam messages, which accounted for up to 24% of all spam in a 15-minute interval, contained an alert link with a fictitious contact request.

Upon clicking the link, victims are taken to a web page that says "PLEASE WAITING.... 4 SECONDS" and redirects them to Google.

During those four seconds, the victim's PC is infected with the Zeus data theft malware by a drive-by download. said Henry Stern, senior security researcher at Cisco IronPort Systems.

"Zeus embeds itself in the victim's web browser and captures personal information, such as online banking credentials, and is widely used by criminals to pilfer commercial bank accounts," Henry Stern wrote in a blog post.

Organisations should encourage individuals to delete such requests, especially if they do not know the name of the contact, said Stern.

This is the second spam attack in September of this magnitude, preceded by the "Here You Have" e-mail worm a few weeks before.

Cisco expects to see more spam messages containing malware sent to organisations to collect personal information.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy