    The LinkedIn professional networking site connects more than 30 million users from across many different industries. The advantages of maintaining a list of trusted business contacts for career planning purposes are not lost on LinkedIn's users.

    The fostering of business relationships is further enhanced by features such as LinkedIn Answers and access from mobile devices.

    Advanced Threats Researcher Ivan Macalintal found some bogus LinkedIn profiles that contain links to malware and use the names and images of famous personalities such as:

    • Beyoncé Knowles
    • Victoria Beckham
    • Christina Ricci
    • Kirsten Dunst
    • Salma Hayek
    • Kate Hudson

    … and several others.

    Below is a screenshot of the previously mentioned fake Beyoncé LinkedIn profile, with malicious links highlighted:


    Bogus Profile of Beyoncé Knowles

    Malicious links contained in these bogus profiles lead browsers through a series of redirections, but ultimately to malware.

    Note that there are several routes this infection path may take. We are conducting a deeper investigation of these attacks in order to best provide detection and protection against these threats. We will update this blog entry with additional information when it is available.

    Update as of January 6 2008, 10:00 PM PST

    The malicious file downloaded from the links contained in the mentioned fake profiles is detected by Trend Micro as TROJ_DLOAD.ML. Upon execution, TROJ_DLOAD.ML accesses certain URLs to download files detected as the following:

    • TROJ_DLOAD.PN
    • TROJ_DLOAD.PI
    • TROJ_DLOAD.PG

    In turn, these files attempt to download a fake antivirus application detected by Trend Micro as TROJ_FAKEAV.GDS.

    Cybercriminals are said to be using pre-registered accounts on social networks as launchpads for this type of attack. Such pre-registered accounts are reportedly being sold in the black market today.

    Update as of January 8 2008, 7:00 AM PST

    Reports suggest that the previously mentioned pre-registered accounts are sold in black markets by the hundreds. The accounts are then used to send spam inside affected social networks.

    Update as of January 15 2008

    Analysis by Trend Micro researchers reveals that TROJ_FAKEAV.GDS has the following routines:

    Upon execution, it displays the following GUI:


    Figure 1. Fake antivirus software GUI

    It also displays an icon on the system bar and a fake message alert:


    Figure 2. Alarming warnings designed to rattle the user

    When the user clicks the abovementioned message alert, the following fake Microsoft Security Center GUI is displayed:


    Figure 3. Fake Microsoft Security Center GUI

    Furthermore, clicking any link on the abovementioned Microsoft Security Center GUI will display the following prompt for registration:


    Figure 4. Users are asked to register to be able to rid their system of viruses allegedly affecting it




