Arrests take down Zeus

By Staff Writer, ITWeb
Johannesburg, 29 Oct 2010

LinkedIn fell victim to one of the biggest spam attacks in September. The attack saw a host of messages being distributed with a link to Zeus, a notorious Trojan.

So says Kaspersky Lab, adding that the messages came in spurts at the end of the month, featuring headings such as 'LinkedIn Update', 'LinkedIn Messages' and 'LinkedIn '. The body of the message informed recipients about two unread messages.

According to Kaspersky, when a user clicked on the link, their computer was infected with one of the variations of the Trojan-Spy.Win32.Zbot, or Zeus, program. The link to the 'private messages' led either to automatically generated second-level domains in the .info zone or to hacked domains in the .com zone (in the latter case the links ended in 1.html).

“The Zeus theme continued with the arrests of several dozen Eastern Europeans by US and British authorities,” says Kaspersky. “They were accused of using Zeus to steal $70 million over the last eighteen months. The criminals had laundered the money using fake credit cards with credentials they had acquired with the help of Zeus.”

Kaspersky says the arrests seem to have forced the other members of the criminal gang to lie low, at least in the USA and the UK: on the day of the arrests, mail anti-virus programs in these countries recorded a considerable decrease in the number of Zbot/Zeus detections.

The company cites the imminent closure of the vast criminal partner program SpamIt, notorious for its commitment to the Canadian Pharmacy Viagra brand, as another significant event in September.

“Our spam-related forecasts for October are, on the one hand, positive - the closure of SpamIt at the end of September will no doubt affect the amount of Viagra adverts. On the other hand, the end of the month was marked by a growth in e-mails containing malicious code, which means the spammers have already switched from advertising pharmaceuticals to spreading malware,” said Maria Namestnikova, senior spam analyst at Kaspersky Lab.

The full version of the spam report for September 2010 is available at www.securelist.com
