Windows 7: Fake LinkedIn e-mails lead to Zeus Trojan

Criminals are using bogus LinkedIn invite e-mails to trick people into clicking on links that lead to the Zeus data-stealing Trojan, a researcher warned today. The malware targets Windows users.

Researchers saw tens of billions of messages related to the attack yesterday, Henry Stern, a senior security researcher at Cisco Systems, told CNET. "There have been some bursts today, but nothing like yesterday," he said. "The botnet responsible for this is still in operation and it's just doing something else right now."

While this attack appears to be abating, people should be wary of any new campaigns that use similar methods.

"This attack is particularly interesting because of its size," Stern said. "It's one of the largest viral campaigns we've seen, and one of the largest that mimics a social network."
In this attack, the e-mails looked like legitimate LinkedIn invites with a Web link for confirming a contact. However, the link doesn't lead to LinkedIn; it redirects to a Web page and displays a message saying "Please waiting .... 4 seconds" before then redirecting to Google.

Computer users are likely to shrug it off, but behind the scenes nasty things have happened. The page users are redirected to has malicious JavaScript hidden in an iFrame that detects what browser is being used and what applications are running and figures out if there is a vulnerability it can exploit to drop the Zeus malware onto the system, Stern said.