A significant email spam campaign was detected yesterday which targeted the LinkedIn social media community.
Targets were emailed an alert link with a fictitious social media contact request and, after clicking the link, victims were taken to a web page that said ‘please waiting .... 4 seconds’, which redirected them to the Google homepage.
According to Cisco, during those four seconds, the victim's PC was infected with the Zeus data theft malware by a drive-by download. Cisco detected that within a 15-minute interval these messages accounted for as much as 24 per cent of all spam sent.
Cisco advised organisations to encourage individuals to delete such requests, especially if they do not know the name of the contact, and suggested that the criminals behind this attack are most interested in employees with access to financial systems and online commercial bank accounts.
This is the second spam attack this month of this magnitude, preceded by the 'Here You Have' email worm a few weeks ago. Cisco expects to see more spam messages containing malware sent to organisations to collect personal information.
Henry Stern, senior security researcher at Cisco IronPort Systems, said: “This is not the first time that criminals have subverted brands associated with online social media. The criminals controlling the Cutwail botnet routinely send email messages impersonating major social networks and governmental organisations.
“What makes this attack unique is the combination of the extremely high volume of messages transmitted, the focus on business users and the use of the Zeus data-theft malware. This strongly suggests that the criminals behind this attack are most interested in employees with access to financial systems and online commercial bank accounts.”
The spam campaign follows two recent threats: the ‘Here You Have’ worm, a mass-mailing worm that arrived via email with a link directing to a malicious program, and spam messages containing HTML attachments.
Dave Michmerhuizen, security researcher at Barracuda Labs, warned of the latter, claiming that it had seen an enormous increase in spam containing malicious HTML attachments.
He said: “For years computer professionals have been telling email users to be particularly careful with emails from sources they do not recognise and to even be careful with unusual-looking email from sources that they do trust.
“Users have been warned of the potential dangers associated with clicking on a file or link that arrives in an email. Many people assume that an HTML file is just a web page and that web pages are safe.”
He said that a campaign began on 16th September with spam tied to current Google trending topics that evolved slightly over the following days, with the subject lines changing from trend topics to more nonspecific email subjects that one might receive from a business associate.
“So yes, a seemingly innocent HTML email attachment can do plenty of damage, and while quite stealthy, definitely not harmless.”