Dragos

Rogue LinkedIn Emails Direct Users to Zbot Drive-By Download


Rogue emails posing as LinkedIn alerts direct users to a malicious page, which attempts to infect them with a variant of the ZBot information-stealing trojan.

The spam campaign was launched yesterday and, according to Cisco Security, it was the largest such attack known to date targeting LinkedIn users.

At one point, the fake emails accounted for well over 25% of the total spam traffic registered by the company's systems.

The messages come with a subject of "LinkedIn Alert" and have their header spoofed to appear as originating from a communication@linkedin.com address.

It appears that spammers have abused a legit LinkedIn email template in order to make the emails look more authentic, a technique we've seen used a lot this summer.

Recipients are reminded of an invitation from a friend and are informed that two pending messages await their response. All links present in the emails have been modified to point to a malicious page.

Users who end up on this website will see a message reading "PLEASE WAITING.... 4 SECONDS," after which they get redirected to Google.

"During those four seconds, the victim’s PC is infected with the ZeuS data-theft malware via a drive-by download," warns Henry Stern, senior security researcher at Cisco's IronPort Systems.

Drive-by downloads are a type of attack in which websites infect visitors' computers with malware in a way that is completely transparent to them.

This is usually achieved by exploiting vulnerabilities in outdated versions of popular applications, such as Flash Player, Adobe Reader, Java or the browsers themselves.

ZBot (ZeuS bot) is a widespread information-stealing trojan commonly used by fraudsters to steal online banking credentials, credit card details and other sensitive information.

This attack is particularly worrying because LinkedIn is a social network for professionals. This means that the risks might not be only to them personally, but also to the organizations they work for.

Rogue LinkedIn Emails Direct Users to Zbot Drive-By Download - Softpedia
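
A mail-filter check for the pattern the article describes, added here as an example that is not part of the original post or the Softpedia article: it flags a message whose From header claims linkedin.com while its links lead to other hosts. The sample message, its example.net and example.org hosts, and the function names are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND_DOMAIN = "linkedin.com"  # domain the From header claims

# Constructed sample message (not captured from the campaign).
SPOOFED = (
    "From: LinkedIn <communication@linkedin.com>\n"
    "Subject: LinkedIn Alert\n"
    "Content-Type: text/html; charset=utf-8\n"
    "\n"
    '<a href="http://redirect.example.net/in.php">View messages</a>\n'
    '<a href="http://www.linkedin.com.example.org/">Profile</a>\n'
)

class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def in_domain(host, domain):
    """True for the domain or a real subdomain, not a look-alike suffix."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def off_brand_links(raw_message):
    """Link hosts outside BRAND_DOMAIN when From claims BRAND_DOMAIN, else []."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    if not in_domain(addr.rpartition("@")[2], BRAND_DOMAIN):
        return []
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return []
    collector = LinkCollector()
    collector.feed(body.get_content())
    hosts = {urlsplit(h).hostname for h in collector.hrefs}  # relative links give None
    return sorted(h for h in hosts if h and not in_domain(h, BRAND_DOMAIN))
```

This is a content heuristic only; the forged From header itself is what SPF, DKIM and DMARC evaluation at the receiving server is meant to catch.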
