Rogue LinkedIn Profiles Lead To Malware
Tuesday January 6, 2009 at 6:33 am CST
Posted by Micha Pekrul
LinkedIn is a popular social networking site where you can manage business contacts online. Since you can set up a profile with links to your own website, it seems to attract criminals’ attention as well. A Google search reveals that several hundred fake LinkedIn profiles, from nude “Kirsten Dunst” to nude “Hulk Hogan”, already exist. The rogue profiles all look alike, with a picture of the celebrity and three links to the parts of the “nude video”, as shown in the following picture.

This is exactly the lure – don’t follow these links! The linked websites contain obfuscated script code that decodes to a simple browser redirection. McAfee already detects this obfuscated script code proactively as “Exploit-IFrame.gen.c”.
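
The decoding step described above can be checked statically, without opening the page in a browser. This is an added example, not code from the original post or from McAfee: it assumes obfuscation based on percent-encoded unescape() literals or String.fromCharCode() lists, and the sample page, its example.invalid host and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Static triage only: the script is never executed, just pattern-matched.
UNESCAPE = re.compile(r"unescape\(\s*(['\"])(.*?)\1\s*\)", re.S)
FROMCHARCODE = re.compile(r"String\.fromCharCode\(([\d\s,]+)\)")
REDIRECTS = [
    ("iframe", re.compile(r"<iframe[^>]*\ssrc\s*=\s*['\"]?([^'\"\s>]+)", re.I)),
    ("location", re.compile(
        r"location(?:\.href)?\s*=\s*['\"]([^'\"]+)|location\.replace\(\s*['\"]([^'\"]+)", re.I)),
    ("meta-refresh", re.compile(
        r"<meta[^>]*http-equiv\s*=\s*['\"]?refresh[^>]*url=([^'\"\s>]+)", re.I)),
]
MAX_LAYERS = 5  # bound nested decoding so hostile input cannot loop forever

# Constructed sample page (not taken from the campaign described in the post).
SAMPLE = (
    '<html><body><script>document.write(unescape("%3Ciframe%20src%3D%22http%3A//'
    'tds.example.invalid/go%3Fid%3D2%22%20width%3D1%20height%3D1%3E%3C/iframe%3E"));'
    '</script></body></html>'
)


def decode_layer(text):
    """Replace each encoded literal with its decoded form and return the new text."""
    text = UNESCAPE.sub(lambda m: unquote(m.group(2)), text)
    return FROMCHARCODE.sub(
        lambda m: "".join(chr(int(n)) for n in re.findall(r"\d{1,7}", m.group(1))
                          if int(n) < 0x110000),
        text)


def triage(html):
    """Return sorted (layer, kind, target) tuples; layer 0 means visible as-is."""
    seen, text = {}, html
    for layer in range(MAX_LAYERS + 1):
        for kind, rx in REDIRECTS:
            for m in rx.finditer(text):
                target = next(g for g in m.groups() if g)
                seen.setdefault((kind, target), layer)  # keep the first layer seen
        decoded = decode_layer(text)
        if decoded == text:  # nothing left to decode
            break
        text = decoded
    return sorted((layer, kind, target) for (kind, target), layer in seen.items())


if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

A finding with a layer above 0 means the redirect only becomes visible after decoding, which is the pattern the post describes.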

If you followed the link (don’t do that!) to see how deep the rabbit hole goes, you would end up at a Traffic Management System like the one described in this Avert Labs blog entry. On every reload, the server-side application points to a different domain.

So when an unsuspecting user is tricked into following the lure, he ends up on different malicious websites that try the classic social-engineering tricks: either the “missing video codec”, or a fake AV scan that tells the user his computer is infected with malware and offers a “free” AV scanner, which in fact is the real threat. So beware when following links, even on trusted Web 2.0 platforms like LinkedIn, especially when they promise nude celebrity videos.

January 6th, 2009 at 14:00
[...] Rogue LinkedIn Profiles Lead To Malware, McAfee Avert Labs Blog [...]
January 7th, 2009 at 00:38
[...] Specifically, McAfee researchers said in a blog post that they have recently observed a noticeable uptick in fake profiles being posted to LinkedIn that harbor links to external sites bearing malware infections. eWeek explains it here. A Google search reveals that several hundred fake LinkedIn profiles from nude “Kirsten Dunst” to nude “Hulk Hogan” exist already. The rogue profiles look all alike, with a picture of the celebrity and three links to the parts of the “nude video” like shown in the following picture. McAfee reports it here. [...]
January 7th, 2009 at 05:35
Where can I get McAfee FileInsight?
January 7th, 2009 at 08:12
[...] 8:02 am If you are a LinkedIn user, use caution if you see a celebrity profile. According to McAfee, A Google search reveals that several hundred fake LinkedIn profiles from nude “Kirsten Dunst” [...]
January 7th, 2009 at 08:56
[...] reports that they have recently observed a noticeable uptick in fake profiles being posted to LinkedIn that [...]
January 7th, 2009 at 13:52
Hey, I love the way you guys are incorporating animation into your blogs. As a blogger myself, can I ask what software you use to do this?
January 7th, 2009 at 17:01
[...] set up several hundred fake LinkedIn profiles, McAfee has discovered. Each looks like it’ll show you how hot a celeb looks naked. Instead, it’ll show you [...]
January 8th, 2009 at 09:31
The FileInsight tool can be found here:
http://www.webwasher.de/download/fileinsight/
And they’re using animated GIFs for the animated images.
January 8th, 2009 at 19:50
http://www.webwasher.de/download/fileinsight/
January 14th, 2009 at 05:45
[...] McAfee researchers said in a blog post that they have recently observed a noticeable uptick in fake profiles being posted to LinkedIn that [...]
February 17th, 2009 at 14:07
[...] McAfee: Rogue LinkedIn Profiles Lead To Malware [...]
March 21st, 2009 at 19:54
Hello sir, I am from India and I am a very big fan of your blog. I read it regularly. I am in the 3rd year of computer sci. engineering and I also want to be a security researcher like you people. Can you please tell me what courses I have to do and from where?
May 26th, 2009 at 06:47
As a rule of thumb, whenever there is an iframe injected with a URL embedded, it should raise an alarm that there’s something fishy.
The problem with this particular trojan is that by default most of the scanners do not detect it.
July 7th, 2009 at 15:34
[...] spread via drive-by downloads, search-engine-optimization poisoning, spam campaigns, and clever social engineering. Having these methods discussed in earlier blogs, today we will look into the protection mechanisms [...]
December 15th, 2009 at 09:22
[...] 3. Rogue LinkedIn Profiles Lead Users to Malware Usually perceived to be the safer of the popular social networks due to more passive use, LinkedIn itself succumbed to some rogue activity in January in which attackers created fake celebrity profiles in an attempt to lure users to malware-laden sites. A McAfee security researcher discovered that hundreds of fake LinkedIn profiles promising everything from a nude “Kate Hudson” to a nude “Hulk Hogan” not only existed but were driving users from LinkedIn to Web sites containing obfuscated script code which decodes to a simple browser redirection. According to McAfee, a user would “end up on different malicious websites trying the classical social-engineering tricks of either the ‘missing video codec’ or of showing a fake AV scan and telling that the user his computer was infected with malware and offering a ‘free’ AV scanner software, which in fact is the real threat.” [...]
December 15th, 2009 at 09:55
[...] 3. Rogue LinkedIn Profiles Lead Users to Malware Usually perceived to be the safer of the popular social networks due to more passive use, LinkedIn itself succumbed to some rogue activity in January in which attackers created fake celebrity profiles in an attempt to lure users to malware-laden sites. A McAfee security researcher discovered that hundreds of fake LinkedIn profiles promising everything from a nude “Kate Hudson” to a nude “Hulk Hogan” not only existed but were driving users from LinkedIn to Web sites containing obfuscated script code which decodes to a simple browser redirection. According to McAfee, a user would “end up on different malicious websites trying the classical social-engineering tricks of either the ‘missing video codec’ or of showing a fake AV scan and telling that the user his computer was infected with malware and offering a ‘free’ AV scanner software, which in fact is the real threat.” [...]