Wednesday 29 September 2010

LinkedIn Spam Attack Spreads ZeuS Malware (PC Magazine)

Researchers at Cisco Security Intelligence Operations on Monday detected a new spam attack in the form of a false LinkedIn connection request. According to Cisco, these messages "accounted for as much as 24 percent of all spam sent within a 15-minute interval." Those who fell for the trap and clicked the link saw a Web site with the message "PLEASE WAITING.... 4 SECONDS", after which the browser redirected to Google.

During that short time, the malicious Web site infected the user's PC with the ZeuS data theft malware using a drive-by download, according to Cisco. ZeuS is a well-known threat commonly used by cyber-criminals to steal personal information, especially banking credentials.

This attack is more insidious than the recent "Here You Have" fiasco. Even users who know not to click links in e-mail from strangers may click to view an invitation, on the chance that the sender is an old acquaintance or one-time colleague. Cisco reported that its IronPort Anti-Spam blocked these messages "within minutes of the spam campaign's start".

A ZeuS attack is serious, as the malware concentrates on capturing passwords and login credentials. Henry Stern, a Cisco Security researcher, advised that cleaning up the infection manually or with an antivirus tool is not sufficient.

"What infected users need to do is back up all of their data and restore the PC to a known-good state, such as restoring it to the factory image," said Stern. "They will also need to change all passwords. If the same password is used on multiple sites, they will need to change those too, even if they haven't logged in after being infected. So many sites use our email addresses as our login, which makes it easy for an attacker who knows our favorite password to get into all of our accounts."

Stern also noted that merely maintaining an up-to-date antivirus does not guarantee you're protected from ZeuS. He offered a link to VirusTotal showing this morning's sample caught by just six of 43 engines. "Reputation-based Web security products, such as our IronPort S-Series appliances, are helpful as well because they can prevent your PC from accessing the threat," concluded Stern.

The prospect of reformatting the PC and starting fresh is horrifying enough, but identifying and changing all passwords could be an equally tough proposition. E-mail users should avoid clicking on any type of social media request where the sender isn't familiar.

Source: HERE
