Warning: Fake LinkedIn spam can steal your bank passwords

Bogus LinkedIn emails can infect your computer with ZeuS, a password-stealing Trojan. I know, because it just happened to me.



OK, I've done stupid things before, with and without computers. I have had many malware infestations, including one variant of the Cool Web Search spyware app that required three months of trying different anti-spyware tools before I could nuke it (Webroot's Spy Sweeper did the job then). But as far as I know I've never compromised my bank account information -- until now.

I've been scanning my system using Kaspersky, and so far it hasn't detected anything out of the ordinary (which doesn't mean ZeuS isn't still lurking -- no anti-malware software is 100 percent reliable). I've already logged on from Firefox and changed my banking info -- but the folks at Cisco Security tell me that ZeuS might still be able to compromise my account.

Here's what Cisco Security Researcher Henry Stern had to tell me:

....if the software on your PC is up to date, particularly Adobe and Sun (Java) products, you may not necessarily have been infected by visiting the site.  If you use Mozilla Firefox with NoScript, you almost certainly haven’t unless you explicitly allowed the offending script to run...

If you have been infected, anything that you have typed into any of your web browsers has probably been compromised.  Also, everything in your browser password stores has been compromised.  The criminals behind this ARE looking for bank logins, so if you have logged in or changed your password, they have it.  If you are a retail banking customer, you are less likely to actually be compromised but that does not matter.

There are instructions online for removing the ZeuS trojan, but I do not recommend any of them.  If you have been simultaneously infected with anything else, you will miss it.  What you need to do is back up all of your data and restore your PC to a known-good state, such as restoring it to the factory image.  You will also need to change all of your passwords.  If you use the same password on multiple sites, you will need to change those too, even if you haven’t logged in after being infected.  So many sites use your email address as your login, which makes it easy for an attacker who knows your favourite password to get into all of your accounts.

Bottom line here: Don't do what I did. Delete any LinkedIn spam that looks even the slightest bit suspicious. Needless to say I won't be sleeping very well tonight.
