Risk
1/7/2009
02:59 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

LinkedIn Profiles Link To Malware

Scammers use celebrity names and provocative content to entice LinkedIn users to click on malicious URLs.

Malicious user profiles, which have long plagued consumer-oriented social networking sites like MySpace and Facebook, are now appearing on more professionally oriented social networking sites.

Earlier this week, Trend Micro security researcher Ivan Macalintal found several fake LinkedIn profiles that have appropriated the names of celebrities to spread malware.

The scammers use provocative content descriptions in profile name fields -- "Beyoncé Knowles Nude," for example -- to entice visitors to click on malicious URLs placed in the profile's Web site section. Doing so downloads malicious Trojan software.

Other hijacked celebrity names include Victoria Beckham, Christina Ricci, Kirsten Dunst, Salma Hayek, and Kate Hudson.

LinkedIn did not immediately respond to a request for comment.

Trend Micro says that cybercriminals buy and sell preregistered profile accounts on social networks as launchpads for attacks. This happens on other trusted sites and services as well, because exploiting trust is the key to a successful social engineering attack.

A recent social engineering attack that began on Twitter, for example, involved malicious links spammed to Twitter users through the service's direct message system. The links redirected users to a fake Facebook logon page that stole logon credentials from anyone duped by the scheme.

Google has been dealing with similar issues, as demonstrated by the company's designation Tuesday as the third worst spam provider by Spamhaus, an anti-spam group. (Google has since identified and removed the cited spam links and no longer appears on Spamhaus's list.) Spammers have been posting links to malicious Web pages on Google services like Google Docs because potential victims see google.com in the URL and assume the links are trustworthy.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1955
Published: 2015-08-03
IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) via a crafted byte sequence in authentication data.

CVE-2015-1956
Published: 2015-08-03
IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1958 and CVE-2015-1987.

CVE-2015-1958
Published: 2015-08-03
IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1987.

CVE-2015-1970
Published: 2015-08-03
The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere.

CVE-2015-1987
Published: 2015-08-03
IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) via a crafted byte sequence in authentication data, a different vulnerability than CVE-2015-1956 and CVE-2015-1958.

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!