Networkers Beware: Fake LinkedIn profiles promise prurient pics, send patsies malware instead

Expect more attacks to come from social networking services, says security expert

By Gregg Keizer

Hackers have seeded LinkedIn Corp.’s business networking service with bogus celebrity profiles that link to malicious sites serving up attack code, a security researcher said today.

Unlike Twitter, which had nearly three dozen legitimate accounts hijacked on Monday, LinkedIn was not compromised. Instead, criminals used the service to create phony profiles, gave them celebrities’ names and slapped on the word “nude” to further entice users. The celebrities named included singer Beyoncé and actresses Christina Ricci, Kirsten Dunst and Kate Hudson.

The identical profiles all sported links to sites that promised nude photographs of the celebrities, said Paul Ferguson, a threat researcher at security vendor Trend Micro Inc. Users who clicked on those sites were shunted to sites hosting malicious software.

“They’re using the same mechanism as have earlier e-mail spam campaigns, telling users that they have to install a codec,” said Ferguson. The supposed codec (coder/decoder) is nothing of the sort; it is actually a disguised Trojan horse. “They’re just casting a wider net using LinkedIn,” he said.

LinkedIn reacted quickly, according to Ferguson, who said that the fake accounts first appeared on the site Tuesday. “Once they were notified, they quickly took them down,” he said. “There’s only a handful left when I last looked.”

For more see computerworld.com.
