Beware malicious LinkedIn invitation reminders

Filed Under: Data loss, Malware, Social networks, Spam

In a world where cybercriminals frequently target users of social networks such as Facebook and Twitter on a regular basis, fans of business network LinkedIn don't get away scot free.

Take, for example, this malicious attack that we have seen spammed out over the last few days.

LinkedIn malware attack

You receive an email in your inbox which appears, to all intents and purposes, to be a reminder that you have two outstanding requests to connect to others on LinkedIn, and have messages waiting.

However, the hyperlink doesn't take you to LinkedIn's website but instead to a webpage that installs a variant of the ZBot malware (also known as Zeus) onto your computer.

So, rather than expanding your business connections you have just widened your circle to include remote hackers who can now compromise your computer and potentially steal your confidential data. You shouldn't be surprised if next time you login to your online bank, the hackers are able to view your passwords as easily as if they were peeping over your shoulder.

Don't forget to keep your security defences up-to-date and your wits about you.

, , , , , ,

You might like

One Response to Beware malicious LinkedIn invitation reminders

  1. I had received such requests around 7 months back. But my policy is that if there is an invitation then I will check it only on LinkedIn and not via the notification emails. So, I never clicked those links. Although while performing the link analysis I had observed that these links are generally connected to the malware-ridden websites and sometimes to the pornographic websites. Especially on the pornographic one, they try to install persistent cookies which actually had the potential of tracking all the activities of the user. I didn't performed further analysis on this.

    Thanks for the update dear author.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog at, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter at @gcluley