Trend Micro Facebook TrendLabs Twitter Malware Blog RSS Feed You Tube - Trend Micro
Search our blog:

  • Mobile Vulnerabilities

  • Zero-Day Alerts

  • Recent Posts

  • Calendar

    August 2015
    S M T W T F S
    « Jul    
  • Email Subscription

  • About Us

    Research Manager Ivan Macalintal found a bogus profile in LinkedIn that appears as one of the search results when the keyword “obama” is used.

    Cybercriminals riddled the profile page with links. The .cn links lead to a URL under the y0utybe domain (notice similarity with the legitimate video-sharing site), which in turn leads to a URL (under the .com domain localtubeonline). Finally, the links land the user on familiar malicious territory–an .EXE download (file name flash-plugin_update.40069.exe).

    The said landing page is actually one of the landing pages used in the blackhat SEO attack leveraging 9/11 memorials.

    Trend Micro detects the binary as TROJ_RENOS.BGI. The Trojan’s primary payload is to connect to other URLs to download other components for the attack’s completion. At the time of analysis, the URLs in the malware’s code are unavailable.

    Users are advised to refrain from clicking on links coming from untrusted sources. Social networking sites–even a business/corporated-oriented one such as LinkedIn–can easily be used by cybercriminals to get into people’s circle of trust. We have seen this in the following attacks:

    The best protection is to make sure security applications are updated with the latest patterns to avoid the effects of these latest threats.

    Share this article
    Get the latest on malware protection from TrendLabs
    Email this story to a friend   Technorati   NewsVine   MySpace   Google   Live   StumbleUpon


    © Copyright 2013 Trend Micro Inc. All rights reserved. Legal Notice