Sophos Cloud Optix
In a world where cybercriminals frequently target users of social networks such as Facebook and Twitter on a regular basis, fans of business network LinkedIn don’t get away scot free.
Take, for example, this malicious attack that we have seen spammed out over the last few days.
You receive an email in your inbox which appears, to all intents and purposes, to be a reminder that you have two outstanding requests to connect to others on LinkedIn, and have messages waiting.
However, the hyperlink doesn’t take you to LinkedIn’s website but instead to a webpage that installs a variant of the ZBot malware (also known as Zeus) onto your computer.
So, rather than expanding your business connections you have just widened your circle to include remote hackers who can now compromise your computer and potentially steal your confidential data. You shouldn’t be surprised if next time you login to your online bank, the hackers are able to view your passwords as easily as if they were peeping over your shoulder.
Don’t forget to keep your security defences up-to-date and your wits about you.
I had received such requests around 7 months back. But my policy is that if there is an invitation then I will check it only on LinkedIn and not via the notification emails. So, I never clicked those links. Although while performing the link analysis I had observed that these links are generally connected to the malware-ridden websites and sometimes to the pornographic websites. Especially on the pornographic one, they try to install persistent cookies which actually had the potential of tracking all the activities of the user. I didn't performed further analysis on this.
Thanks for the update dear author.