Spammers try to dupe LinkedIn users in Zeus attack

Summary: Attackers have tried to seize the banking details of users of the social network using a scattergun approach, according to Cisco security researchers

Cybercriminals have targeted LinkedIn users in a concerted spam attack, according to Cisco security company IronPort.

Spammers began a campaign on Monday morning, Cisco senior security researcher Henry Stern told ZDNet UK on Tuesday. What differentiated the campaign from others was the scale of the attack and the fact that it targeted business users, he said.

"The combination of extremely high volume and the focus on business users suggests the attackers are interested in employees with access to online bank accounts," said Stern. "We've provided LinkedIn with the information they need to take action against the spammers."

At one point on Monday, over a quarter of the spam hitting Cisco nodes was due to this particular attack, Stern said, with billions of emails being sent. The emails were not targeted, but were designed for LinkedIn users to self-select, he added.

Users of the LinkedIn business social network were encouraged to click on a link in the spam to a fictitious contact.

They were then taken to a compromised website designed to show a holding page containing an inline frame from a second server, entirely controlled by the criminals.

The inline frame then linked to a Trojan downloader. This Trojan downloaded the Zeus data-stealing software via the web browser from a third web server also controlled by the attackers.

The attack has been verified on several versions of Internet Explorer and also affects Firefox, said Stern, adding that dozens of legitimate websites were compromised. ZDNet UK understands these to include prominent US sports sites, among others.

There has only been one reported case of the malware being effective. Dan Tynan, a journalist for technology publication Infoworld, admitted to being taken in by the spam.

"I feel like a complete idiot," wrote Tynan in an article. "I just got taken by a LinkedIn spam that may have just stolen my banking password."

Stern said that there were only a small number of gangs capable of shifting cash out of corporate accounts, but that Cisco was not aware which gang or gangs were behind the spam attack.

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.
