Users of the LinkedIn social network were the victims of one of the biggest spam attacks in September, according to Kaspersky Lab’s monthly report on global spam activity.
The attack saw a host of messages being distributed with a link to ZeuS, a malicious program which has been the focus of attention for many antivirus companies. The messages came in spurts at the end of the month and displayed headings such as “LinkedIn Update”, “LinkedIn Messages” and “LinkedIn Alert”. The body of the message informed recipients about two unread messages. When a user clicked the link their computer was infected with one of the variations of the Trojan-Spy.Win32.Zbot (ZeuS) program. The link to the ‘private messages’ either led to automatically generated second-level domains in the .info zone or to hacked domains in the .com zone (in the latter case the links ended in 1.html).
The report also showed a considerable decrease in the number of Zbot (ZeuS) detections by mail antivirus programs in the UK and USA following the arrests of gang members accused of using ZeuS to steal $70 million over the last eighteen months. The criminals had laundered the money using fake credit cards with credentials they had acquired with the help of ZeuS. The other big event in September was the imminent closure of the vast criminal partner program SpamIt, notorious for its commitment to the Canadian Pharmacy Viagra brand.
“Our spam-related forecasts for October are, on the one hand, positive – the closure of SpamIt at the end of September will no doubt reduce the amount of Viagra adverts. On the other hand, the end of the month was marked by a growth in emails containing malicious code, which means the spammers have already switched from advertising pharmaceuticals to spreading malware,” said Maria Namestnikova, Senior Spam Analyst at Kaspersky Lab.
The full version of the spam report for September 2010 is available at http://www.securelist.com/en/analysis.
If you’d like to speak with David Emm, senior regional researcher at Kaspersky Lab UK, about the threats posed by spam and phishing scams, and how those targeted can protect themselves, please contact the team at Berkeley PR on 0118 988 2992 or firstname.lastname@example.org.