LinkedIn social site used as lure for big email spam campaign
September 29, 2010
Cisco Systems said earlier this morning that the popular business networking site LinkedIn is being used as bait in a very large email spam campaign designed specifically to infect businesses all over the world with the information-stealing Zeus-Zbot Trojan, and the malware appears to be spreading fast.
After appearing early Monday morning, e-mail spam featuring a bogus LinkedIn reminder accounted for about 28 percent of all email spam detected by Cisco in a 15-minute period ranging between 10.30 and 10.45 AM EST on Monday.
As of 11.30 AM EST today, the Zeus-Zbot Trojan still appears to be being sent to multiple business email addresses in the U.S. and Canada, albeit at a lower rate than on Monday.
Assuming it is not detected by the computer's antivirus software - and there is plenty of evidence that Zeus variants can get past many such anti-virus programs - this particular Zeus variant monitors browser entries for online bank account credentials.
"This strongly suggests that the criminals and individuals behind this most recent attack are most interested in employees with access to financial systems and online commercial bank accounts than anything else," said a Cisco statement.
Unsuspecting LinkedIn users are asked to review the contact request for a fictitious user by clicking on an embedded link in the usual LinkedIn style. This takes victims to a page that asks them to wait before sending them on to Google, leaving them unaware that anything fishy has happened. By that point, Zeus will have attempted to install itself onto the target PC.
The problem with the attack is that LinkedIn thrives on members being contacted by new members, so the fact that the apparent message sender is unknown would not necessarily alert users not to click on the link.
The defense against this type of attack is that most businesses already have some kind of anti-spam filter at the gateway level and anti-virus software as well, but there have been reported cases where Zeus circumvented all of that and infected some machines in the process.
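As an added illustration of a gateway-level check for the lure described above (not code from Cisco or from the original article), the sketch below flags LinkedIn-branded messages whose embedded links leave linkedin.com, since an unknown sender alone is no signal. The branding heuristic, the function names and the sample message are assumptions constructed for this example.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRAND = "linkedin.com"  # domain the message claims to come from (assumption)


class _Links(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def _on_brand(host):
    # Exact domain or a true subdomain; "linkedin.com.evil.example" fails both.
    return host == BRAND or host.endswith("." + BRAND)


def off_brand_links(raw_message):
    """Return link hosts that leave linkedin.com in a LinkedIn-branded mail."""
    msg = message_from_string(raw_message)
    headers = (msg.get("From", "") + " " + msg.get("Subject", "")).lower()
    if "linkedin" not in headers:
        return []  # not presented as LinkedIn mail; out of scope for this check
    parser = _Links()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            parser.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    hosts = {(urlsplit(h).hostname or "").rstrip(".") for h in parser.hrefs}
    return sorted(h for h in hosts if h and not _on_brand(h))


# Constructed sample message (not taken from the campaign).
SAMPLE = """\
From: LinkedIn Reminders <reminder@linkedin.com>
Subject: LinkedIn new messages
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>You have a pending contact request.</p>
<a href="http://lure.example.net/view?id=1">View invitation</a>
<a href="https://www.linkedin.com/help">Help</a></body></html>
"""
print(off_brand_links(SAMPLE))
```

A hit from a check like this is a reason to quarantine or score the message, not proof of infection.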
Overall, LinkedIn has been used for email spam campaigns in the past, but relatively infrequently compared to consumer rivals such as Facebook and Twitter of late, which can also be used to attack business users. LinkedIn caters mostly to people in business, whereas Facebook and Twitter mostly target the average Internet user.
"Targeting social network users for distributing financial malware is a smart move for the criminals," commented Trusteer CEO, Mickey Boodaei on the latest attack.
Another common barrier is that companies and organizations accessing online banking accounts usually use a dedicated computer that runs no applications other than the online banking function.
"These attacks are much more likely to succeed than phishing attacks on banks. Once Zeus is installed on the user's computer then the criminals get access not only to login information but also to real-time transactions and other sensitive information on the victim's computer," he said.
Yesterday, email anti-spam engineers at the popular Spamhaus Project introduced a new email whitelist service of known benign Internet email servers.
Spamhaus' new initiative works seamlessly alongside the organization's well-established blacklist of bad mail servers to make it easier and simpler for mail server administrators to filter out junk and unwanted spam from all incoming email traffic.
Overall, qualified corporations such as banks, financial services companies, insurance firms, law firms, airlines, medical centers and certain government agencies, as well as transactional email from known automated billing systems, ecommerce servers and online banking services, are all candidates for the new whitelist.
In addition to filtering out incoming email traffic by content, using a whitelist places a much lower performance overhead on email spam filters. It also makes it less likely that legitimate transaction-related emails or the like will be marked as spam by scoring systems, content filters, local blacklists or poor filtering choices.
For email senders, the technology makes it far less likely that important emails will either be delayed or classified as unwanted spam.
The Spamhaus Whitelist was launched as a beta initiative with inclusion on the list being by invitation only, from someone who already has a whitelist account.
Source: Cisco Systems.