New Zeus variant targeting LinkedIn members

Mickey Boodaei, Trusteer's CEO, notes LinkedIn now has more than 90 million members, many of which are business users. This, he says, makes LinkedIn an ideal platform for cybercriminals to attack enterprise networks.

"Through LinkedIn, cybercriminals can build a profile of targeted enterprises. They can locate key people within the enterprise and target them with spam emails that would eventually place malware on their computer or steal their log-in credentials to email and other sensitive systems. Sounds unlikely? Well, think again", he says in his latest security blog.

"In the last couple of days, Trusteer have witnessed a malware campaign that targets LinkedIn users. It starts with a simple connect request sent to the victim's mailbox", he adds.

Boodaei goes on to say that the fake LinkedIn request is very similar to the legitimate ones.

If, however, users click the "Confirm that you know" link on the genuine email, it takes them to LinkedIn's website. However if the same button is clicked on the fraudulent email, it takes the user to a malicious website that downloads malware onto your computer.

The website, he notes, is on the domain, which was registered this week with an IP address in Russia.

"The malicious server uses the BlackHole exploit kit to download malware to the victim's computer. This exploit kit used to sell for $1,500 but was recently made available for free", he says.

"Its first version appeared on the black market in August 2010. It is based on PHP and has a MySQL database. Thousands of websites have been infected with BlackHole which is used to exploit vulnerabilities on visitors' computers in order to place malware on them. This attack is also known as Drive by Download", he adds.

The important take-out, says the Trusteer CEO, is that many internet users mistakenly think that Zeus is only associated with financial fraud.

"However, we've recently seen evidence of Zeus targeting enterprise networks in order to steal proprietary information and to gain unauthorized access to sensitive systems", he explained.

In light of this new variant of Zeus, Boodaei says that he recommended that individuals never click on email links from social networking websites.

"We even recommend not opening these emails. Access your social networking website by typing the address into your website. Log into your account and read your messages directly from your account", he said.

For enterprises, he adds, employees' endpoints are now being highly targeted by cyber criminals. Unmanaged employee devices are the biggest security threat but endpoint devices within the network are also a concern.

"The fact that you have a leading anti-malware solution installed on your endpoints doesn't mean you're immune to these attacks. They often use zero-day vulnerabilities and zero day malware variants to bypass anti-malware solution", he said.

What’s Hot on Infosecurity Magazine?