It has been observed that the Zeus recent new variant has started to target LinkedIn members again. It was observed that the same malware Zeus had spam fake LinkedIn connection request to thousands of LinkedIn members during September last year.
LinkedIn is a most popular business networking site with more than 90 million members and the recent successful IPO. Most of the users on LinkedIn are business users. This has attracted the attention of the cyber criminals to target enterprise users. The latest version of Zeus malware sends spam email that carries the link to the malware hosted server. The email is a fake LinkedIn connection request that appears exactly same as original sent from LinkedIn website.
When the user clicks on “Accept” button in the email it takes to the websites that installs malware in the computer. Once installed this variant of Zeus can steal sensitive information like user name and password and sends it to a remote server hosted by cybercriminals.
Since the malware uses the BlackHole exploit kit to infect the computer it gets downloaded and installed automatically and silently. Zeus is known as the most prevalent malware that goes after the banking credentials.
I recommend never click on links in email to visit the social networking webstie. The best way to access your social networking website is by typing the website address in the browser and login from there. Not only LinkedIn, one should follow this rule to access any social networking website like Facebook, Twitter, LinkedIn etc.
Leave a reply