WARNING: LinkedIn spam attack could steal your passwords

I have been receiving numerous emails this morning that appear to be coming from LinkedIn. These emails look official and are telling me I have pending invitations & messages in my LinkedIn Inbox. I thought the notification email looked a little suspicious, so I checked the links before clicking anything, and indeed the links do not go to linkedin.com. After some research, I found out these emails are part of Zeus, which is fast-spreading malware.

So where do the links go, and what is going to happen if I click one?

In the screenshot below, you will notice where I put my cursor over one of the invitation reminders (do NOT click). Once my mouse is over that link, the actual address the link goes to is shown in the footer (where the 2nd arrow is pointing). If this were a legit email from LinkedIn, this link in the footer should be "www.linkedin.com". What is showing there is "dewitnieuws.nl"; however, you may see a different address (spammers use various odd-looking addresses like this). If it's not "www.linkedin.com", don't click it, and immediately delete the message!

[Screenshot: LinkedIn spam scam]

This screenshot is from Google Chrome (best browser out there), so if you're using Internet Explorer, Outlook or Firefox, you may need to RIGHT click the link & click properties to see where it's going.

If you did click it, then most likely your browser (not your computer) was infected with the ZeuS data theft malware, which will try to capture login information to the sites you visit (bank, email, etc.).

I know, you're thinking "oh crap, what now?"

Here's what I would do (in this order):

  1. Open another type of browser on your computer and change the passwords to any sites you visited AFTER you clicked the link in that fake LinkedIn email. For instance, if you usually use Internet Explorer (the big E), download & open Google Chrome or Firefox to change your passwords. The Zeus malware only infects the browser that the link opened in. If you don't know how to get another browser, just go to another computer and change your passwords from there (of course, check with that computer's owner to make sure they didn't click a similar link).
  2. Download and run all of the following spyware/malware removal tools on your computer. Not all tools get all the spyware/malware, which is why I recommend running all 3.
    1. Malwarebytes (Trial version)
      http://www.malwarebytes.org/
    2. Spybot (Free version)
      http://www.safer-networking.org/en/spybotsd/index.html
    3. Microsoft Security Essentials (all versions are free)
      http://www.microsoft.com/security_essentials/

Once you finish, you can keep all 3 on your computer, but you may want to uninstall 2 of them (too many programs doing the same thing can cause your computer to slow down). I highly recommend leaving Microsoft Security Essentials on your computer if you don't have any other virus protection (AVG, Norton, etc.). Running a computer w/o virus protection is CRAZY, especially when you can get it for free.

Mac users have nothing to worry about; the ZeuS malware does not appear to infect your systems. You can go back to iTunes, iPhoto, or whatever you guys do on those machines. Sorry, I have to give my Mac friends a hard time whenever I can. Makes me feel better when I get infected w/malware on my PC :-)

Some additional articles about this issue can be found below:

http://www.pcworld.com/article/206372/warning_fake_linkedin_spam_can_steal_your_bank_passwords.html

http://blogs.cisco.com/security/comments/cisco_security_tracks_linkedin_spam_attack/
