Fake Celebrity Profiles on LinkedIn Pose Malware Threats
As with most social networking websites, the business networking site LinkedIn seems to be growing into a preferred platform for cyber-criminals seeking to trick unsuspecting users into believing their lures and visiting their fraudulent, malware-infested websites.
McAfee researchers said that the number of bogus profiles on LinkedIn puts users at risk of malware infection, as hundreds of fake profiles offering nude pictures of celebrities are presently posted on the site.
When a user clicks any of the given links, he is forwarded to a different site that tries to plant an exploit using an iFrame and subsequently diverts him to other potentially dangerous sites.
Also, on clicking any of the web links labeled "my blog" or "my URL" on the fake LinkedIn profile pages, users are diverted to pages where they are lured into downloading a codec or an update for a multimedia player that in reality installs malware.
Moreover, instead of impersonating actual businesspeople, the profiles chiefly advertise cheap content like "Kate Hudson nude" or "nude Kirsten Dunst."
According to a posting by Micha Pekrul, a researcher at McAfee, when an unwary user falls for the trick and follows the command, he is likely to be taken to malware-laden websites. These websites attempt to employ traditional social engineering tactics either by displaying a phony AV scan with the warning that there is malware on the user's system, thereby asserting the need to use the free AV software offered, or by talking of installing a codec to view the video. Both these tricks, however, pose real threats, as reported by Vnunet on January 6, 2009.
And while LinkedIn's reputation makes it improbable that growing numbers of users would click through profiles that are being used to advertise celebrity porn, people must realize that the site's business nature could make it potentially more dangerous once truly cunning hackers get their hands on it.
Meanwhile, according to a Trend Micro blog posting, that company has also found fake celebrity profiles on LinkedIn that are delivering malicious code.
» SPAMfighter News - 13-01-2009