Application security, Malware, Phishing, Threat Management, Vulnerability Management

LinkedIn spam run aims to foist Zeus on victim PCs

Users of LinkedIn are being targeted in a massive spam campaign designed to install the bank credential-stealing Zeus trojan on their machines. The emails, accounting for nearly a quarter of all spam at one point Monday, mimic LinkedIn invitations, according to Cisco. But when users click on the link contained in the message, they are delivered to a website that reads "PLEASE WAITING...4 SECONDS" and then are directed to Google. During that time, however, Zeus is installed on their machines if they are unpatched for certain browser vulnerabilities. This particular spam campaign and ensuing drive-by download attempts are notable because of the size and the apparent targets: business professionals with access to corporate bank accounts, Henry Stern, a Cisco senior security researcher, said in a blog post. — DK

Related

GitHub search exploited for malware distribution

Malware-laced GitHub repositories using popular names and topics are being advanced by threat actors through automated updates and fraudulent stars meant to manipulate the leading software developer platform's search rankings as part of a new open-source supply chain attack, The Hacker News reports.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.