Business networking service LinkedIn has been targeted by a malicious spam attack aimed at stealing personal information from people in business.
Cybercriminals began a concerted spam e-mail attack against LinkedIn members yesterday at 11h00 UK time, according to security researchers at Cisco.
The spam messages, which accounted for up to 24% of all spam in a 15-minute interval, contained an alert link with a fictitious contact request.
Upon clicking the link, victims are taken to a web page that says "PLEASE WAITING.... 4 SECONDS" and redirects them to Google.
During those four seconds, the victim's PC is infected with the Zeus data theft malware by a drive-by download, said Henry Stern, senior security researcher at Cisco IronPort Systems.
"Zeus embeds itself in the victim's web browser and captures personal information, such as online banking credentials, and is widely used by criminals to pilfer commercial bank accounts," Henry Stern wrote in a blog post.
Organisations should encourage individuals to delete such requests, especially if they do not know the name of the contact, said Stern.
This is the second spam attack in September of this magnitude, preceded by the "Here You Have" e-mail worm a few weeks before.
Cisco expects to see more spam messages containing malware sent to organisations to collect personal information.