Members of the popular professional social network LinkedIn are being targeted by a highly aggressive malware campaign designed to infect users' PCs and mobile devices for the purpose of pilfering personal information, including their online banking credentials.
Security researchers at Cisco Systems' (NASDAQ: CSCO) IronPort security group this morning reported that this newly discovered ZeuS data theft program accounted for as much as 24 percent of all spam messages on the Internet during a 15-minute interval Monday afternoon.
Though not as popular and prone to malware incidents as other social networking sites, such as Facebook, MySpace and Twitter, LinkedIn still counts more than 50 million registered users and makes for a fine target for online hustlers.
This new scam begins with users receiving an unsolicited and fictitious social media contact request. Once unsuspecting victims click on the link, they're taken to a website that says, "Please waiting...4 seconds" and then redirects them to Google.
"During those four seconds, the victim's PC is infected with the ZeuS data theft malware by a drive-by download," Cisco officials said in a security advisory. "ZeuS embeds itself in the victim's Web browser and captures personal information, such as online banking credentials, and is widely used by criminals to pilfer commercial bank accounts."
LinkedIn officials were not immediately available to comment on the attack.
Security experts advise all Internet users to delete any unsolicited social media requests and to avoid clicking on any embedded links or applications housed in the emails.
The severity of the latest attack is on par with the vicious "Here You Have" virus that infiltrated tens of thousands of corporate email servers earlier this month and, at its peak, accounted for more than 42 billion spam messages in its first day.