Prospective employers and job applicants aren’t the only ones using LinkedIn
for research. Cyber-criminals are increasingly using the social networking site
for professionals to identify potential victims, according to security experts.
Security firm Trusteer uncovered spam messages designed to look almost the
same as legitimate notification messages from LinkedIn, Trusteer
CEO Mickey Boodaei wrote on the company blog June 2. When users click on
the link in the message, usually an invitation to connect with someone, they
are redirected to a malicious server in Russia serving up malware.
Through LinkedIn, cyber-criminals can build a profile of targeted
enterprises and locate key people within the organization. The spam messages
sent to those folks could be used to install malware, which could steal login
credentials or other confidential information.
"Sounds unlikely? Well, think again," Boodaei said.
The fraudulent LinkedIn messages take users to a salesforceappi.com domain.
Despite the name, the domain has nothing to do with Salesforce.com. It was
registered May 31, and the server associated with the IP address is based in
Russia.
The users are then hit by drive-by-download attacks based on the BlackHole
exploit kit to install the Zeus 2 Trojan on the computer, according to
Trusteer. This Zeus variant transmits the stolen data to a server in Zhejiang,
China.
To read the original eWeek article, click here: Fake LinkedIn Messages Install Zeus Malware on Victims’ Computers