LinkedIn pages that promise prurient pics link to malware

IDG News Service — Mon, 12 Jan 2009 11:52:57 -0800

Hackers last week seeded LinkedIn Corp.'s business networking site with bogus celebrity profiles that link to malicious Web sites, according to security researchers.

Paul Ferguson, a researcher at Trend Micro Inc. in Cupertino, Calif., said hackers created phony profiles sporting links that users believed would lead them to photographs of nude celebrities. But the links instead shunted users to sites hosting malware. The celebrities named included singer Beyoncé and actresses Christina Ricci, Kirsten Dunst and Kate Hudson.

"They're using the same mechanism as earlier spam campaigns, telling users that they have to install a [video] codec," said Ferguson. The coder/decoder is actually a disguised Trojan horse.

Ferguson said that LinkedIn reacted quickly after the fake accounts first appeared last Tuesday. "Once they were notified, they quickly took them down," he said.

A major phishing campaign against Twitter last week (see story) is an example of an uptick in criminal activity on social networking sites that will only get worse, Ferguson predicted.

Cybercriminals are just trying to "get more eyeballs on their handiwork," he said, noting that they can attract users of social networks and take advantage of the proclivity of search engines to float sites such as LinkedIn and Facebook to the top of results lists.

In a statement, LinkedIn said it is "actively removing and suspending any users who violate our terms of use," in addition to "adding new technologies and security protocols."

This version of the story originally appeared in Computerworld's print edition.

Got something to add? Let us know in the article comments.

The Industry Standard - LinkedIn pages that promise prurient pics link to malware - Comments

LinkedIn pages that promise prurient pics link to malware