Cisco Systems says spammers targeted LinkedIn members with fake connection requests that downloaded a worm known for stealing user bank account information.
Malicious cyber-criminals aren't just targeting Twitter users; LinkedIn
members are in their crosshairs, as well.
LinkedIn members were reportedly deluged with spam e-mail messages
masquerading as connection requests from the career-oriented social networking
site Sept. 27.
Clicking on these requests sent users to a Website that displayed "PLEASE
WAITING...4 SECONDS" before redirecting them to Google. During those 4
seconds, the Website downloaded Zeus data-theft malware onto their PCs,
according to Cisco Systems.
Zeus, which embeds itself in the victim's Web browser and captures personal
information such as online banking credentials, is widely used by criminals to
pilfer from commercial bank accounts.
These messages accounted for as much as 24 percent of all spam sent within a
15-minute interval in the morning of Sept. 27, Cisco said. Cisco recommends
that IT administrators warn users to delete connection requests, especially if
they do not know the name of the contact.
Social networks are increasingly becoming a target for cyber-criminals.
Twitter was hit over the weekend by a worm associated with a "WTF"
and a link, as well as the cross-scripting
that crippled Twitter.com the week of Sept. 20. Facebook users have
not been immune, either.
Spam remains a popular form of attack, as with the "Here You Have"
e-mail worm that wreaked havoc earlier in September. Cisco expects to see more
spam messages containing malware sent to organizations to collect personal
LinkedIn has not yet publicly acknowledged the spam attack, nor warned users
about the messages.