LinkedIn Users Targeted By Spam Attack

The attack on the LinkedIn social network follows attacks on Twitter, Facebook and others

Malicious cyber-criminals aren’t just targeting Twitter users; LinkedIn members are in their crosshairs, as well.

LinkedIn members were reportedly deluged with spam email messages masquerading as connection requests from the career-oriented social networking site on 27 September.

Clicking on these requests sent users to a website that displayed “PLEASE WAITING…4 SECONDS” before redirecting them to Google. During those 4 seconds, the website downloaded Zeus data-theft malware onto their PCs, according to Cisco Systems.

Social networks in the crosshairs

Zeus, which embeds itself in the victim’s web browser and captures personal information such as online banking credentials, is widely used by criminals to pilfer from commercial bank accounts.

These messages accounted for as much as 24 percent of all spam sent within a 15-minute interval in the morning of 27 September, Cisco said. Cisco recommends that IT administrators warn users to delete connection requests, especially if they do not know the name of the contact.

Social networks are increasingly becoming a target for cyber-criminals. Twitter was hit over the weekend by a worm associated with a “WTF” tweet and a link, as well as the cross-scripting exploit that crippled the week of 20 September. Facebook users have not been immune, either.

Spam remains a popular form of attack, as with the “Here You Have” email worm that wreaked havoc earlier in September. Cisco expects to see more spam messages containing malware sent to organisations to collect personal information.

LinkedIn has not yet publicly acknowledged the spam attack, nor warned users about the messages.