Fake E-mail LinkedIn Requests Send Users to Zeus Trojan

If you've received any suspicious-looking e-mails from LinkedIn recently, you may have been targeted by the latest Trojan attack to hit inboxes.

The malicious e-mails, which targeted billions of Windows users yesterday, seemed like normal LinkedIn invitations from random contacts. And, like most LinkedIn invites, the messages asked users to click a link to confirm the request. Instead of sending recipients to the site, however, the link directed users to a different page, hosting a message that read, "Please waiting .... 4 seconds." Eventually, users were directed to the Google homepage, which, at first glance, would seem innocuous enough.

As it turns out, though, the initial webpage contained malicious JavaScript, hidden in an iframe. The script could reportedly detect which browser an individual was using, and automatically identify vulnerabilities in his or her system. Upon discovering a vulnerability, the script would then infect the system with a Zeus Trojan, which can steal any data that a user enters into Web forms, including passwords and bank information.

Although the attack sent out tens of billions of messages yesterday, researchers at Cisco Systems say it now seems to be in remission. Yet, as CNET points out, users should still be on the lookout for any attacks using similar tactics. "The botnet responsible for this is still in operation and it's just doing something else right now," says Henry Stern, a senior security researcher at Cisco Systems.

To protect yourself from similar campaigns, Cisco recommends that users keep their antivirus software up to date. As Stern advises, "make sure all Web browser-related software, especially Adobe Reader, Flash, and Java, have the latest security updates." For the time being, it's also a good idea to accept any LinkedIn requests by typing the site URL directly into your browser, instead of clicking on any e-mailed links.

It may also be difficult to determine whether or not your computer has been infected, since the malware reportedly hides behind different processes running on a targeted PC. Researchers have discovered, however, that infected computers are sending communication requests to a Russian server. If you're running a personal firewall, it might be a good idea to check your outbound logs for any host names ending in '.ru'.
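The outbound-log check suggested above, as an added example that is not part of the original article: it flags outbound connections whose destination host name ends in `.ru` and groups them by the process that made them. The log format, the function names and every host name in the sample are constructed assumptions; adapt the pattern to what your firewall actually writes.

```python
import re

# Constructed sample of personal-firewall log lines (hypothetical format:
# timestamp, action, direction, process, destination host:port).
SAMPLE_LOG = """\
2024-01-15T09:14:02 ALLOW OUT svchost.exe update.example.com:443
2024-01-15T09:14:07 ALLOW OUT iexplore.exe www.linkedin.com:80
2024-01-15T09:15:31 ALLOW OUT svchost.exe gate.constructed-sample.RU:80
2024-01-15T09:15:33 ALLOW OUT explorer.exe gate.constructed-sample.ru.:80
2024-01-15T09:16:10 ALLOW OUT firefox.exe www.rubygems.example.com:443
2024-01-15T09:16:45 ALLOW OUT firefox.exe news.ru.example.org:80
2024-01-15T09:17:02 ALLOW IN  svchost.exe scanner.constructed-sample.ru:445
2024-01-15T09:18:20 BLOCK OUT winlogon.exe gate.constructed-sample.ru:80
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<action>ALLOW|BLOCK)\s+(?P<dir>IN|OUT)\s+"
    r"(?P<proc>\S+)\s+(?P<dest>\S+)$"
)

def normalize_host(dest):
    """Drop the port, a trailing root dot and case differences."""
    host = dest.rsplit(":", 1)[0]
    return host.rstrip(".").lower()

def ru_outbound(log_text, tld="ru"):
    """Map each outbound host in the given TLD to the processes that contacted it."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dir"] != "OUT":
            continue  # unparsable line or inbound traffic
        host = normalize_host(m["dest"])
        # Match the final label only, so "news.ru.example.org" is not flagged.
        if host.endswith("." + tld):
            hits.setdefault(host, set()).add(m["proc"])
    return hits

if __name__ == "__main__":
    for host, procs in sorted(ru_outbound(SAMPLE_LOG).items()):
        print(host, "<-", ", ".join(sorted(procs)))
```

A match is a lead for follow-up rather than proof of infection, since legitimate sites also use `.ru`; one host contacted by several unrelated system processes is the pattern worth a closer look.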
