Fake celeb LinkedIn profiles lead to malware

A security researcher has discovered fake profiles for celebrities on LinkedIn that have links to malicious code, according to a blog posting on Trend Micro's site.

The celebrity profiles that are not to be trusted include ones created using the names: Beyonce Knowles, Victoria Beckham, Christina Ricci, Kirsten Dunst, Salma Hayek, and Kate Hudson. They were uncovered by Trend Micro Advanced Threats Researcher Ivan Macalintal.

In its blog posting late on Monday, Trend Micro said it was continuing its investigation. The links on the professional networking site attempt to lure viewers by purporting to be nude shots of the celebrities.

McAfee's Avert Labs Blog has more details and screenshots.

"So when an unsuspecting user gets tricked to follow the lure, he will end up on different malicious Web sites trying the classical social-engineering tricks of either the 'missing video codec' or of showing a fake AV scan and telling the user (that) his computer was infected with malware and offering a 'free' AV scanner software, which in fact is the real threat," the McAfee blog says.

Graham Cluley of Sophos also found many other fake celeb profiles and says that as recently as Thursday, the Troj/Decdec-A malicious JavaScript code was being found on them.

"It's a shame that LinkedIn (isn't) keeping a closer eye on obviously bogus profiles being created on (its) site," Cluley writes. "Undoubtedly, spammers, malware authors, and other cybercriminals may be abusing the system to link to their Web pages in the hope that it will generate a higher ranking in search engines like Google."

Representatives from LinkedIn did not immediately return a call seeking comment on Tuesday.

Fake Beyonce LinkedIn profile that contains links to malware.

(Credit: Trend Micro)

[dch613]

Can't believe anyone would be dumb enough to click on those links. If they are then they deserve what they get.

This does bring up the issue of relatively normal fake profiles with links to malicious code.

<a href="http://www.linkedin.com/in/davidhughes1">David Hughes</a>

[WeCanDoBIZ]

Surely most people on LinkedIn, which boasts it has the highler echelons of society, would smell a rat when a "celebrity" is using a professional networking site to tout nude pictures?

Apat from which, LinkedIn proactively discourages you from connecting to people you don't already know, so it's quite unlikely you'll be surfing for celebs in the first place.

Not the best place to be spreading malware.

Ian Hendry
CEO, WeCanDo.BIZ
http://www.wecando.biz

[Penguinisto]

This one's a no-brainer. LinkedIn is for business socialization, and has bugger-all to do with anything you'd typically associate with MySpace (or even Facebook)... so seeing a "OAMG Nood PIX!" page would ring instant alarm bells, no?

Now, like dch said... if there were malware-planted profiles that appeared like normal folks...

/P

[Harrison912]

Thanks, Elinor, for bringing us this information. I'm typically on LinkedIn to socially market my safety and security web site. I'll be glad to spread the news to my contacts. I'm not just about marketing my products but helping my friends stay safe an no one wants to be a victim of malware.