LinkedIn Spam Attack Spreads ZeuS

[noaccount]

Researchers at Cisco Security Intelligence Operations on Monday detected a new spam attack in the form of a false LinkedIn connection request. According to Cisco, these messages "accounted for as much as 24 percent of all spam sent within a 15-minute interval." Those who fell for the trap and clicked the link saw a Web site with the message "PLEASE WAITING.... 4 SECONDS", after which the browser redirected to Google.

During that short time, the malicious Web site infected the user's PC with the ZeuS data theft malware using a drive-by download, according to Cisco. ZeuS is a well-known threat commonly used by cyber-criminals to steal personal information, especially banking credentials.

Source http://www.pcmag.com/article2/0,2817,2369774,00.asp?kc=PCRSS05079TX1K0000992

Original VT analysis http://www.virustotal.com/file-scan/report.html?id=1dc848df1d294af28459e4c224e78361114bec79ae48564b27724b0613407e65-1285618236

[hellnoire]

Wow... epically win for the malware writers, especially when most people use LinkedIn for a "professional Facebook" from what I can see.

[noaccount]

Quite realistic emails were used, see here. PCWorld contributor was really scamed and since his Kaspersky client was bypassed, he came to know he was infected with Zeus after reading Cisco email, see here. Brian Krebs has some more details, quite interesting i think, several PDF, Java and Windows Help and Support Center exploits being used to trigger Zeus installation.

[Ande]

I'm getting inundated. All types of email from messages, to open attached plans, etc.
Quite discouraging.

[INDRANIL]

ZeuS strikes again . Now LinkedIn is the target. Thanks for the news noaccount.

[Ceyfer √]

Apart from it...these days facebook is the easiest dissemination platform.

Awareness:

Zeus is lovely! and lame.

Create at least 5-10 facebook accounts, copy and paste infos ( consistent ) , cute chix on the profile pict, add many friends, a little study or surveillance of the target/victim/pool. Then one lucky multiple strike + java exploits/iframe/click-jacking. Doomsday scenario isn't it? To do it you'll only need an hour or two and a sweet escape right away. Be aware my friend. Always check the shared "LINKS".