The LinkedIn professional networking site connects more than 30 million users from across many different industries. The advantages of maintaining a list of trusted business contacts for career planning purposes are not lost on LinkedIn’s users.
The fostering of business relationships is further enhanced by features such as LinkedIn Answers and access from mobile devices.
Advanced Threats Researcher Ivan Macalintal found some bogus LinkedIn profiles which contain links to malware, using the names and images of famous personalities such as:
- Beyoncé Knowles
- Victoria Beckham
- Christina Ricci
- Kirsten Dunst
- Salma Hayek
- Kate Hudson
… and several others.
Below is a screenshot of the previously mentioned fake Beyoncé LinkedIn profile, with malicious links highlighted:

Bogus Profile of Beyoncé Knowles
Malicious links contained in these bogus profiles lead browsers through a series of redirections, but ultimately to malware.
Note that there are several routes this infection path may take. We are conducting a deeper investigation of these attacks in order to best provide detection and protection against these threats. We will update this blog entry with additional information when it is available.
Update as of January 6 2008, 10:00 PM PST
The malicious file downloaded from the links contained in the mentioned fake profiles is detected by Trend Micro as TROJ_DLOAD.ML. Upon execution, TROJ_DLOAD.ML accesses certain URLs to download files detected as the following:
- TROJ_DLOAD.PN
- TROJ_DLOAD.PI
- TROJ_DLOAD.PG
In turn, these files attempt to download a fake antivirus application detected by Trend Micro as TROJ_FAKEAV.GDS.
Cybercriminals are said to be using pre-registered accounts on social networks as launchpads for this type of attack. Such pre-registered accounts are reportedly being sold on the black market today.
Update as of January 8 2008, 7:00 AM PST
Reports suggest that the previously mentioned pre-registered accounts are sold in black markets by the hundreds. The accounts are then used to send spam inside affected social networks.
Update as of January 15 2008
Analysis by Trend Micro researchers reveals that TROJ_FAKEAV.GDS has the following routines:
Upon execution, it displays the following GUI:

Figure 1. Fake antivirus software GUI
It also displays an icon on the system bar and a fake message alert:

Figure 2. Alarming warnings designed to rattle the user
When the user clicks the abovementioned message alert, the following fake Microsoft Security Center GUI is displayed:

Figure 3. Fake Microsoft Security Center GUI
Furthermore, clicking any link on the abovementioned Microsoft Security Center GUI will display the following prompt for registration:

Figure 4. Users are asked to register to be able to rid their system of viruses allegedly affecting it



January 6th, 2009 at 6:06 am
[...] TrendLabs Malware Blog reports on a way of spreading malware via LinkedIn. You receive a contact request from [...]
January 6th, 2009 at 1:23 pm
[...] Malicious Content Bogus LinkedIn Profiles Harbor Malicious Content Just so you know, there are fake celebrity profiles on LinkedIn that have links to malicious code. **** it! I was sooo close to clicking that Beyoncé [...]
January 6th, 2009 at 2:32 pm
[...] to offer nude pics of the shapely singer, as recorded in screen shots obtained by Trend Micro here. A quick search of LinkedIn reveals that the offending profile has since been purged. We can expect [...]
January 6th, 2009 at 2:46 pm
LinkedIN hit by fake profiles http://tinyurl.com/9utoum
January 6th, 2009 at 4:32 pm
[...] currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media [...]
January 6th, 2009 at 8:51 pm
[...] trusted business contacts for career planning purposes is not lost on LinkedIn’s users.” Read more… No comments for this entry [...]
January 7th, 2009 at 12:39 am
[...] – Incredible. After Twitter, LinkedIN is next in line. Profiles of some “celebrities” (Beyoncé Knowles, Victoria Beckham, Christina Ricci, Salma Hayek etc.) that send you to websites with malware. More details here: http://blog.trendmicro.com/bogus-linkedin-profiles-harbor-malicious-content/ [...]
January 7th, 2009 at 1:01 am
[...] fake LinkedIn profiles are spreading malware. On the Trend Micro blog, that fake profiles on LinkedIn posing as celebrities, to malicious code [...]
January 7th, 2009 at 1:17 am
[...] pre-registered accounts on social networking sites bearing the names of celebrities are traded in the underground, since they can be abused as a platform for various attacks. Registration on the [...]
January 7th, 2009 at 6:32 am
[...] issues with sites like Twitter and LinkedIn. Here’s a link to an article about the association of fake LinkedIn profile pages with [...]
January 7th, 2009 at 8:09 am
[...] it seem like profiles are infected somehow. A few examples of that can be found here and here and here. At least The Register called these people falling for this fools. What the titles of these reports [...]
January 7th, 2009 at 1:38 pm
[...] Monday, it was reported that LinkedIn had succumbed to an attack as fake celebrity profiles were posted to lure unsuspecting users into handing over [...]
January 7th, 2009 at 4:48 pm
Cybercriminals used LinkedIn to harbor Trojans http://tinyurl.com/9utoum
January 7th, 2009 at 6:23 pm
Bogus LinkedIn Profiles Harbor Malicious Content http://tinyurl.com/9utoum
January 7th, 2009 at 7:43 pm
[...] Trend Micro blog writes that there are numerous fake celeb profiles on LinkedIn which contain links to malware. [...]
January 8th, 2009 at 12:40 am
[...] Bogus LinkedIn Profiles Harbor Malicious Content [...]
January 8th, 2009 at 8:02 am
[...] News, yesterday, from TrendMicro, of yet another social network exploit, this time targeting [...]
January 9th, 2009 at 3:59 am
[...] of potential victims. Trend Micro recently reported that one of their researchers found bogus LinkedIn profiles that contained links to malware. The profiles contained images of high-profile celebrities, with [...]
January 9th, 2009 at 8:09 am
[...] The Trend Micro blog has written that fake profiles on LinkedIn posing as celebrities redirect to malicious code. [...]
January 20th, 2009 at 7:39 pm
[...] This is a little old (five days based on the last update), but TrendMicro put on their blog about fake LinkedIn profiles which have links leading to malware. [...]
January 21st, 2009 at 3:08 am
[...] security specialist Trend made known, an attack over the network has just come to light whose central aim is to make known the [...]
February 24th, 2009 at 7:16 am
[...] catch, in the sense that LinkedIn was among the very few social networking sites left untouched by cybercriminals in 2008. With LinkedIn’s staff actively removing the close [...]