Daily cyber threats and internet security news: network security, online safety and latest security alerts
January 6th, 2009

Bogus LinkedIn Profiles Lead To Malware

Trend Micro reports that bogus profiles on the social networking website LinkedIn are being used to install malware. Fraudulent accounts in the names of celebrities such as Beyoncé Knowles, Victoria Beckham, Christina Ricci, Kirsten Dunst, Salma Hayek, Kate Hudson and others are littered with links that take surfers to sites harboring malware.

The attack is still under investigation and recalls the old hacker trick of baiting infectious email attachments with celebrity lures. As if to reinforce the point, one of the fraudulent profiles is registered in the name of Paris Hilton and tempts users with supposed links to her infamous sex tapes.

Another bogus profile created in the name of Beyoncé Knowles claims to offer nude pics of the shapely singer, as recorded in screenshots obtained by Trend Micro. A quick search of LinkedIn reveals that the offending profile has since been purged. Other fraudulent registrations are likely to disappear soon as well.

Security researchers have found that at least some of the maliciously constructed profiles pushed malicious scripts, specifically the Decdec-A JavaScript code, which is linked to Trojan attacks.

McAfee adds that hundreds of identikit bogus profiles have been created by miscreants. “The rogue profiles look all alike, with a picture of the celebrity and three links to the parts of the “nude video” like shown in the following picture,” McAfee reports.

Spammers, malware authors and other cybercriminals may be abusing the system to link to their webpages in the hope of generating a higher ranking in search engines like Google, as explained by the Sophos security blog. When an unsuspecting user is tricked into following the lure, he ends up on various malicious websites that try the classic social-engineering tricks: either the “missing video codec” prompt, or a fake AV scan that tells the user his computer is infected with malware and offers a “free” AV scanner, which is in fact the real threat.
