Bogus LinkedIn profiles serving malware

Bogus LinkedIn profiles serving malware

Summary: A currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media players. LinkedIn is among the latest social networking services considered as a valuable asset in the arsenal of the blackhat SEO knowledgeable cybecriminal, simply because this approach works.

SHARE:
TOPICS: Security
10

LinkedIn Bogus Profiles MalwareA currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media players. LinkedIn is among the latest social networking services considered as a valuable asset in the arsenal of the blackhat SEO knowledgeable cybecriminal, simply because this approach works. For instance, Googling for "Keri Russell nude" or "Brooke Hogan Naked pics" you'll notice that the bogus profiles have already been indexed by Google and are appearing within the first 5/10 search results.

This is a proven tactic for acquiring search engine traffic which was most recently used in the real-time syndication of hot Google Trends keywords and using them as bogus content for the automatically generated bogus profiles using Microsoft's Live spaces.  Approximately 70 to 80 bogus LinkedIn profiles appear to been created within the past 24 hours, with LinkedIn's staff already removing some of them.

LinkedIn Bogus Profiles MalwareUpon several redirections a malware dropper (TubePlayer.ver.6.20885.exe) is served currently detected by 10 AV vendors as TrojanDownloader:Win32/Renos.gen!BB. Overall, the malware campaign is thankfully not taking advantage of any client-side vulnerabilities for the time being, leaving it up to the end user's vigilance -- if any if we're to exclude the most abused infection vector for 2008.

Topic: Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

10 comments
Log in or register to join the discussion
  • WOT and Privacy concerns

    Only fools go to these websites and paste their life history online, putting where they work, location and all sorts of private information into the public domain.

    I value my Privacy, and with identity theft spiralling out of control and no signs of stopping I would not be surprised of how many of these sites were implicated from wrong doers or how a person's identity gets stolen and used.

    Like I said before a WOT = Waste of Time, I do not run/use Windows only Linux distro's and I have enough common sense to stay away from putting resumes on the internet.

    Would a person take their life history into a room full of criminals and give it to them and trust them?

    People who use these sites should be ready to pay the consequences of having viruses/malware/spyware/trojans and the other nice benefits of running a Windows OS and posting their private data online for the world to view/take and claim as their own...
    Christian_<><
    • Sure!

      [i]Would a person take their life history into a room full of criminals and give it to them and trust them?[/i]

      Sure. That guy from Lifelock broadcasts his social security number all the time, and he's never had his identity stolen. Well, there were those few times...but who's counting? :-)
      MGP2
      • I forgot about that guy...

        Yes, pay a monthly fee to a guy for something that if people used common sense would most likely not happen to begin with.

        Most of the cases of this are from people spewing out their private data to the public arena. However, advertising it online in my opinion is disaster. Plus, the same people who put their public life on display complain about a tele-marketer calling them - go figure!
        Christian_<><
    • RE: Bogus LinkedIn profiles serving malware

      <a href="http://www.replicacool.org">hermes lindy bags</a>
      xiaodou
    • RE: Bogus LinkedIn profiles serving malware

      <a href="http://www.replicawatchesbest.org">imitation rolex watches</a>
      xiaodou
  • RE: Bogus LinkedIn profiles serving malware

    Mmmmm... Jessica Alba naked... Click!
    DotWhat
  • RE: Bogus LinkedIn profiles serving malware

    Given LinkedIn's claims that it has the upper echelons of society amongst its membership, are they liikely to be dumb enough to look for celebrties to network with in the first place? AND then click on a link to nude pictures on a professional networking site?

    Anyway, LinkedIn does all it can to stop you from connecting to people you don't know already, managing, as it is, to do such a great job of selling everyone's existing contact lists back to them...

    Ian Hendry
    CEO, WeCanDo.BIZ
    http://www.wecando.biz
    ianhendry
  • RE: Bogus LinkedIn profiles serving malware

    They seem to have other malware, too. I was getting emails
    from people 'accepting my invitation' whom I never invited. I
    reported it to LinkedIn, and they were (allegedly) clueless. No,
    maybe actually clueless. I happened in a monthlong period
    where quite a few people accepted invites I never sent. It was
    a bit awkward, for both me and the recipient. Never found
    out what caused it.
    lilchores09
  • RE: Bogus LinkedIn profiles serving malware

    I believe all Virus Creators, Spam Mailers and ALL Malware idiots to be taken to a room and SHOT Execution style. I am getting tired of all this crap! Virus's, Hackers, Malware. People get a friggin LIFE!!!!
    NerdHerd007
  • I am confused as I can never

    get these .exe files to run on my personal computer.
    davebarnes