Expect more attacks to come from social networking services, says security expert
By Gregg Keizer
Hackers have seeded LinkedIn Corp.’s business networking service with bogus celebrity profiles that link to malicious sites serving up attack code, a security researcher said today.
Unlike Twitter, which had nearly three-dozen legitimate accounts hijacked on Monday, LinkedIn was not compromised. Instead, criminals used the service to create phony profiles, gave them celebrities’ names and slapped on the word “nude” to further entice users. The celebrities named included singer Beyoncé and actresses Christina Ricci, Kirsten Dunst and Kate Hudson.
The identical profiles all sported links to sites that promised nude photographs of the celebrities, said Paul Ferguson, a threat researcher at security vendor Trend Micro Inc. Users who clicked on those sites were shunted to sites hosting malicious software.
“They’re using the same mechanism as have earlier e-mail spam campaigns, telling users that they have to install a
LinkedIn reacted quickly, according to Ferguson, who said that the fake accounts first appeared on the site Tuesday. “Once they were notified, they quickly took them down,” he said. “There’s only a handful left when I last looked.”
For more see computerworld.com.
Filed under: Business Technology, information security, trojan horse | Tagged: Data Privacy and Security, data security
