Starting this morning, Monday 9/27, at 10am GMT, cyber criminals sent spam email messages targeting the LinkedIn social media community.
Victims are emailed an alert link with a fictitious social media contact request. These messages accounted for as much as 24% of all spam sent within a 15-minute interval. After clicking the link, victims are taken to a web page that says "PLEASE WAITING.... 4 SECONDS" and redirects them to Google. During those four seconds, the victim's PC is infected with the ZeuS data theft malware by a drive-by download. ZeuS embeds itself in the victim's web browser and captures personal information, such as online banking credentials, and is widely used by criminals to pilfer commercial bank accounts.
Organizations should encourage individuals to delete such requests, especially if they do not know the name of the contact. This is the second spam attack this month, preceded by the "Here You Have" email worm a few weeks ago. Cisco expects to see more spam messages containing malware sent to organizations to collect personal information. Numerous reports claim that banking passwords have been stolen and used.
Anyone using the Windows operating system is vulnerable. Most of the anti-virus products do not yet detect this latest scam when the email message is received, although most of the producers of those programs will be updating their virus definitions within the next few days to add detection. Most of today's anti-virus programs DO detect the ZeuS data theft malware after the PC has been infected, if the virus definitions are up to date.
Anyone using Linux, Macintosh, or any of the handheld computer operating systems will not be infected.
If you do get caught by the LinkedIn spam and experience the four-second delay, followed by a redirect to Google's home page, turn off your computer and IMMEDIATELY use a second computer, such as a laptop system or a friend's system, to log onto all your online accounts and change your passwords. Then disconnect the first system from its Internet connection, boot up, and run a virus scan. You do have the latest virus program updates installed, don't you? You can read more in an article by Henry Stern on Cisco's security web site at http://blogs.cisco.com/security/comments/cisco_security_tracks_linkedin_spam_attack/