LinkedIn Email Spam Packs Malware, Steals Bank Info

Dennis Faas's picture

If you've recently received an abundance of LinkedIn invitation requests by email from strangers, you're not alone.

A new form of malicious spam attack is making the rounds, consisting of what appears to be an innocent "friend request" from the popular business-oriented social networking site LinkedIn. The request is anything but legitimate; in actuality, these fake emails contain links to a website where the malicious ZeuS malware is downloaded directly to your PC without consent.

The goal of ZeuS is simple: to compromise the personal and financial data of all of its victims.

Instant Infection Upon Clicking Link

ZeuS is a well-known threat that cybercriminals tend to favor because of how swiftly it targets personal information, especially banking credentials.

Mixing the ZeuS trojan with LinkedIn is particularly dangerous because it targets the curious. Even if the link comes from an unknown source, the reputation LinkedIn carries (connecting old and unfamiliar acquaintances) is usually enough to entice users to click on an infected link.

Please Wait: While Your PC is Being Infected

After clicking on the malicious link, victims are treated to a seemingly harmless message that reads "PLEASE WAIT... 4 SECONDS", after which the browser redirects to Google. However, in those 4 seconds, the ZeuS malware is automatically installed to the victim's PC without any prior warning or interaction.

This is referred to as a drive-by-download attack.

Only 6 of 43 Antivirus Able to Detect Trojan

Standard antivirus tools may not be enough to ward off the malware. Of 43 antivirus programs sampled on the morning of the attack, only 6 were able to identify the threat.

"What infected users need to do is back up all of their data and restore the PC to a known-good state, such as restoring it to the factory image [or a recently backed up, clean disk image]. They will also need to change all passwords. If the same password is used on multiple sites, they will need to change those too, even if they haven't logged in after being infected," said Cisco Security researcher Henry Stern.

Free PC Security Guides from Infopackets

Drive-by-downloads happen instantly and without the consent of the user. Drive-by-download attacks are "allowed" to exist because they often target browser and operating system vulnerabilities, which lets them get past antivirus and firewall protection. That's why it's important to install your Windows Updates regularly and to update your web browser whenever updates are available.

For more information on how to stay safe against such attacks, please download our PC Security Guides, "Top 10 PC Security Essentials" and "Top 10 Passwords You Should Never Use" from our Free Kiosk. Both reports (and others) are available on the same page.
