Jan5
11:00 pm (UTC-7)   |   by Macky Cruz (Technical Communications)

The LinkedIn professional networking site connects more than 30 million users from across many different industries. The advantages of maintaining a list of trusted business contacts for career planning purposes is not lost on LinkedIn’s users.

The fostering of business relationships is further enhanced by features such as LinkedIn Answers and access from mobile devices.

Advanced Threats Researcher Ivan Macalintal found some bogus LinkedIn profiles which contain links to malware, using the  names and images of  famous personalities such as:

  • Beyoncé Knowles
  • Victoria Beckham
  • Christina Ricci
  • Kirsten Dunst
  • Salma Hayek
  • Kate Hudson

… and several others.

Below is a screenshot of the previously mentioned fake Beyoncé LinkedIn profile, with malicious links highlighted:


Bogus Profile of Beyoncé Knowles

Malicious links contained in these bogus profiles lead browsers through a series of redirections, but ultimately to malware.

Note that there are several routes this infection path may take. We are conducting a deeper investigation of these attacks in order best provide detection and protection against these threats. We will update this blog entry with additional information when it is available.

Update as of January 6 2008, 10:00 PM PST

The malicious file downloaded from the links contained in the mentioned fake profiles is detected by Trend Micro as TROJ_DLOAD.ML. Upon execution, TROJ_DLOAD.ML accesses certain URLs to download files detected as the following:

  • TROJ_DLOAD.PN
  • TROJ_DLOAD.PI
  • TROJ_DLOAD.PG

In turn, these files attempt to download a fake antivirus application detected by Trend Micro as TROJ_FAKEAV.GDS.

Cybercriminals are said to be using pre-registered accounts on social networks as launchpads for this type of attack. Such pre-registered accounts are reportedly being sold in the black market today.

Update as of January 8 2008, 7:00 AM PST

Reports suggest that the previously mentioned pre-registered accounts are sold in black markets by the hundreds. The accounts are then used to send spam inside affected social networks.

Update as of January 15 2008

Analysis by Trend Micro researchers reveal that TROJ_FAKEAV.GDS has the following routines:

Upon execution, it displays the following GUI:


Figure 1. Fake antivirus software GUI

It also displays an icon on the system bar and a fake message alert:


Figure 2. Alarming warnings designed to rattle the user

When the user clicks the abovementioned message alert, the following fake Microsoft Security Center GUI is displayed:


Figure 3.Fake Microsoft Security Center GUI

Furthermore, clicking any link on the abovementioned Microsoft Security Center GUI will display the following prompt for registration:


Figure 4.Users are asked to register to be able to rid their system of viruses allegedly affecting it

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Monday, January 5th, 2009 at 11:00 pm and is filed under Security . You can leave a response, or trackback from your own site.



25 Responses to “Bogus LinkedIn Profiles Harbor Malicious Content”

Trackbacks

  1. LinkedIn kan sprida malware | jobbdator.se
  2. Bogus LinkedIn Profiles Harbor Malicious Content - Computer Forums
  3. Bogus LinkedIn profiles punt malware to fools | TechKraze
  4. geetarchurchy (geetarchurchy)
  5. Bogus LinkedIn profiles serving malware | Zero Day | ZDNet.com
  6. Think before clicking on links - DfenseSolutions
  7. 06-01-2009 Summary : Bobica Alexandru
  8. Ünlülerin sahte LinkedIn profilleri kötü amaçlı yazılım yayıyor
  9. Gefälschte LinkedIn-Profile verbreiten Trojaner « Computerhilfe u. Info Blog
  10. Self-Protection part 9 | ThreatBlog
  11. Neohaxor.org » Blog Archive » LinkedIn Profiles Are Not “Serving” Malware
  12. Twitter, Welcome to the Mainstream! Just Don’t Drown!
  13. rohit11 (Rohit Srivastwa)
  14. mohitmehta (Mohit Mehta)
  15. LinkedIn called out for “turning a blind eye” to fake celeb profiles | Internet Marketing Blog
  16. Twitter: 33 conturi sparte
  17. Bogus Profiles Discovered On LinkedIn…A Malware Sanctuary?
  18. LinkedIn links leading to malware | Marcos Christodonte II - Information Security Blog
  19. Ünlülerin sahte LinkedIn profilleri kötü amaçlı yazılım yayıyor | Serkan ALTOPRAK Kişisel Blog Çalışması
  20. SQL Server Central
  21. LinkedIn: ¿una red social insegura? « Miguelthepooh’s Blog
  22. Dissecting the Bogus LinkedIn Profiles Malware Campaign | dsecure.net
  23. Social Media Security » LinkedIn Profiles Are Not “Serving” Malware
  24. Social Media Security » LinkedIn Profiles Are Not Serving Malware
  25. Bogus Profile in LinkedIn Leads to FAKEAV

Leave a Reply


Once Again, Bogus Promos Used to Seed Malware
So Is It Twitter or Facebook?


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice