Bogus LinkedIn Profiles Lead To Malware
Trend Micro reports that bogus profiles on social networking website LinkedIn are installing malware. Fraudulent accounts in the name of celebrities such as Beyoncé Knowles, Victoria Beckham, Christina Ricci, Kirsten Dunst, Salma Hayek, Kate Hudson and others are littered with links that take surfers to site harboring malware.
The attack is still under investigation and reminds the old hacker trick of baiting infectious email attachments with celebrity lures. As if to reinforce the point, one of the fraudulent profiles is registered in the name of Paris Hilton and tempts users with supposed links to her infamous sex tapes.
Another bogus profile created in the name of Beyoncé Knowles claims to offer nude pics of the shapely singer, as recorded in screen shots obtained by Trend Micro here. A quick search of LinkedIn reveals that the offending profile has since been purged. Other fraudulent registrations to also disappear soon.
Security researchers have identified that at least some of the maliciously constructed profiles punted malicious scripts, specifically the Decdec-A Javascript code, linked to Trojan attacks.
McAfee adds that hundreds of identikit bogus profiles have been created by miscreants. “The rogue profiles look all alike, with a picture of the celebrity and three links to the parts of the “nude video” like shown in the following picture,” McAfee reports.
Spammers, malware authors and other cybercriminals may be abusing the system to link to their webpages in the hope that it will generate a higher ranking in search engines like Google, explained in by Sophos security blog. When an unsuspecting user gets tricked to follow the lure, he will end up on different malicious websites trying the classical social-engineering tricks of either the “missing video codec” or of showing a fake AV scan and telling that the user his computer was infected with malware and offering a “free” AV scanner software, which in fact is the real threat.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.