Networkers Beware: Fake LinkedIn profiles promise prurient pics, send patsies malware instead

Expect more attacks to come from social networking services, says security expert

By Gregg Keizer

Hackers have seeded LinkedIn Corp.’s business networking service with bogus celebrity profiles that link to malicious sites serving up attack code, a security researcher said today.

Unlike Twitter, which had nearly three-dozen legitimate accounts hijacked on Monday, LinkedIn was not compromised. Instead, criminals used the service to create phony profiles, gave them celebrities’ names and slapped on the word “nude” to further entice users. The celebrities named included singer Beyoncé and actresses Christina Ricci, Kirsten Dunst and Kate Hudson.

The identical profiles all sported links to sites that promised nude photographs of the celebrities, said Paul Ferguson, a threat researcher at security vendor Trend Micro Inc. Users who clicked on those sites were shunted to sites hosting malicious software.

“They’re using the same mechanism as have earlier e-mail spam campaigns, telling users that they have to install a codec,” said Ferguson. The supposed coder/decoder is nothing of the sort; it is actually a disguised Trojan horse. “They’re just casting a wider net using LinkedIn,” he said.

LinkedIn reacted quickly, according to Ferguson, who said that the fake accounts first appeared on the site Tuesday. “Once they were notified, they quickly took them down,” he said. “There’s only a handful left when I last looked.”

For more see computerworld.com.
