Fake Beyonce, Victoria Beckham LinkedIn pages carry malware

Researchers have identified malicious links present on fake LinkedIn profiles claiming to belong to Beyonce Knowles, Victoria Beckham and about 25 other celebrities.

Christina Ricci, Kirsten Dunst, Salma Hayek, Kate Hudson and Hulk Hogan were just some of the other celebrities with fake LinkedIn profiles, which claimed to contain links to websites where nude videos of the celebrity could be seen. In reality, the links lead users through a series of redirections, with the goal of downloading a rogue anti-virus program to the user's machine.

The malicious links have been removed, but this type of attack is not going away anytime soon, Paul Ferguson, a threat researcher with computer security firm Trend Micro, told SCMagazineUS.com Wednesday.

This issue is not new -- similar exploits were identified recently on Google's Blogspot and Flickr -- and exploits such as this could remain a problem because few measures are in place to prevent cybercriminals from creating new malicious accounts on LinkedIn or similar websites.

“The tactics are similar but the platform is expanding,” Ferguson said, adding this is the first exploit of its kind to hit LinkedIn.

A LinkedIn spokesperson was not available Wednesday for comment.

Because of the openness of Web 2.0 platforms such as LinkedIn, users are able to interact easily, but the downside is that they are easily exploitable, Ferguson said.

Constructing an exploit such as this is a matter of creating the accounts, populating them with links that lead to malware and then using social engineering tactics to get people to click the links, he said. The best way to counter such attacks is to quickly respond to abuse reports.

Ferguson said LinkedIn removed the fraudulent profiles, likely created by Eastern European-based cybercriminals, in about 12 hours.

Richard Stiennon, chief research analyst of consultancy IT-Harvest, wrote this week on his Threat Chaos blog that exploits against LinkedIn are inevitable and that social networking sites such as Facebook and MySpace will need to start doing better checks for malware.

“As social media sites proliferate and mash together, there are more and more opportunities for hackers to post their spam and malicious links,” Stiennon wrote.

McAfee Avert Labs posted a blog about the malware, warning users to “beware when following links, even on trusted Web 2.0 platforms like LinkedIn. Especially when they promise some nude celebrity videos.”