Fake LinkedIn profiles laden with malicious links

News by Dan Raywood

Fake LinkedIn profiles have been created with the intention of spreading malware.


Trend Micro advanced threats researcher Ivan Macalintal has revealed some bogus LinkedIn profiles that are designed to look like the profiles of celebrities. Macalintal claimed that the pages, which use the names and images of the likes of Beyoncé Knowles, Victoria Beckham, Kirsten Dunst and Salma Hayek, contain links to malware.


The Beyoncé Knowles page features several links to ‘Beyoncé Knowles nude’, although Trend Micro have detected that the links are malicious and lead browsers through a series of redirections, ultimately to malware.


The company claimed that there are several routes that the infection path may take, and it is conducting a deeper investigation of these attacks in order to best provide detection and protection against these threats.


The malicious file was detected as TROJ_DLOAD.ML, which, upon execution, accesses certain URLs to download files detected as TROJ_DLOAD.PN, TROJ_DLOAD.PI and TROJ_DLOAD.PG. These files attempt to download a fake antivirus application detected by Trend Micro as TROJ_FAKEAV.GDS.


Graham Cluley, senior technology consultant at Sophos, said: “It's surprising how many people signed up on LinkedIn have words like ‘nude’ and ‘naked’ in their job title. It's possible that some of these are genuine (for instance, the person who claims to be the Chief Nude Parachutist at a New York-based company), but many of them are not.


“Some of the links contained in these profiles are currently down, but SophosLabs can confirm that as recently as January 1st 2009, the malicious Troj/Decdec-A JavaScript code was being found on them, downloading further malware onto visiting computers.


“It's a shame that LinkedIn aren't keeping a closer eye on obviously bogus profiles being created on their site. Undoubtedly spammers, malware authors and other cybercriminals may be abusing the system to link to their webpages in the hope that it will generate a higher ranking in search engines like Google.”



