Fake Beyonce, Victoria Beckham LinkedIn pages carry malware

Share this article:
Researchers have identified malicious links present on fake LinkedIn profiles claiming to belong to Beyonce Knowles, Victoria Beckham and about 25 other celebrities.

Christina Ricci, Kirsten Dunst, Salma Hayek, Kate Hudson and Hulk Hogan were just some of the other celebrities with fake LinkedIn profiles, claiming to contain links to websites where nude videos of the celebrity could be seen. In reality, the links lead users through a series of redirections, with the goal of downloading a rogue anti-virus program to the user's machine.

The malicious links have been removed, but this type of attack is not going away anytime soon, Paul Ferguson, a threat researcher with computer security firm Trend Micro, told SCMagazineUS.com Wednesday.

This issue is not new -- similar exploits were identified recently on Google's Blogspot and Flickr -- and exploits such as this could remain a problem because few measures are in place to prevent cybercriminals from creating new malicious accounts on LinkedIn or similar websites.

“The tactics are similar but the platform is expanding,” Ferguson said, adding this is the first exploit of its kind to hit LinkedIn.

A LinkedIn spokesperson was not available Wednesday for comment.

Because of the openness of Web 2.0 platforms such as LinkedIn, users are able to interact easily, but the downside is that they are easily exploitable, Ferguson said.

Constructing an exploit such as this is a matter of creating the accounts, populating them with links that lead to malware and then using social engineering tactics to get people to click the links, he said. The best way to counter such attacks is to quickly respond to abuse reports.

Ferguson said LinkedIn removed the fraudulent profiles, likely created by Eastern European-based cybercriminals, in about 12 hours.

Richard Stiennon, chief research analyst of consultancy IT-Harvest, wrote this week on his Threat Chaos blog that exploits to LinkedIn are inevitable and that social networking sites such as Facebook and MySpace will need to start doing better checks for malware.

“As social media sites proliferate and mash together, there are more and more opportunities for hackers to post their spam and malicious links,” Stiennon wrote.

McAfee Avert Labs posted a blog about the malware, warning users to, “beware when following links, even on trusted Web 2.0 platforms like LinkedIn. Especially when they promise some nude celebrity videos.”
Share this article:

Sign up to our newsletters

More in News

Brazilian president signs internet 'Bill of Rights' into law

Brazilian president signs internet 'Bill of Rights' into ...

President Dilma Rousseff signed the legislation on Wednesday at the NetMundial conference in Sao Paulo.

Android trojan sends premium SMS messages, targets U.S. users for first time

Android trojan sends premium SMS messages, targets U.S. ...

An SMS trojan for Android, known as FakeInst, has been observed sending premium SMS messages to users all over the world, including, for the first time, the United States.

Report: DDoS up in Q4 2013, vulnerability scanners leveraged to exploit sites

Report: DDoS up in Q4 2013, vulnerability scanners ...

Researchers observed 346 DDoS attacks in the final quarter of 2013 and attackers used Vega and Skipfish vulnerability scanners to exploit web flaws at financial companies.