Malicious LinkedIn Messages Hit Computers with Zeus Malware
The New Reality for Customer Engagement
Date: 5/31/2018 @ 1 p.m. ET
Prospective employers and job applicants aren't the only ones using LinkedIn for research. Cyber-criminals are increasingly using the social networking site for professionals to identify potential victims, according to security experts.
Security firm Trusteer uncovered spam messages designed to look almost the same as legitimate notification messages from LinkedIn, Trusteer CEO Mickey Boodaei wrote on the company blog June 2. When users click on the link in the message, usually an invitation to connect with someone, they are redirected to a malicious server in Russia serving up malware.
Through LinkedIn, cyber-criminals can build a profile of targeted enterprises and locate key people within the organization. The spam messages sent to those folks could be used to install malware, which could steal login credentials or other confidential information.
"Sounds unlikely? Well, think again," Boodaei said.
The fraudulent LinkedIn messages take users to a salesforceappi.com domain. Despite the name, the domain has nothing to do with Salesforce.com. It was registered May 31, and the server associated with the IP address is based in Russia.
The users are then hit by drive-by-download attacks based on the BlackHole exploit kit to install the Zeus 2 Trojan on the computer, according to Trusteer. This Zeus variant transmits the stolen data to a server in Zhejiang, China.
IT Solutions Builder TOP IT RESOURCES TO MOVE YOUR BUSINESS FORWARD
Which topic are you interested in?
What is your company size?
What is your job title?
What is your job function?
Searching our resource database to find your matches...