Rogue LinkedIn Profiles Lead To Malware

Tuesday, January 6, 2009 at 6:33am by Micha Pekrul

LinkedIn is a popular social networking site where you can manage business contacts online. Since you can set up a profile with links to your own website, it seems to attract criminals’ attention as well. A Google search reveals that several hundred fake LinkedIn profiles, from nude “Kirsten Dunst” to nude “Hulk Hogan”, already exist. The rogue profiles all look alike, with a picture of the celebrity and three links to the parts of the “nude video”, as shown in the following picture.

This is exactly the lure – don’t follow these links! The linked websites contain obfuscated script code which decodes to a simple browser redirection. This obfuscated script code is already proactively detected by McAfee as “Exploit-IFrame.gen.c”.
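A defender-side illustration of that pattern, added here and not taken from the post or from McAfee's detection: a static check that decodes script bodies without executing them and flags a redirect that becomes visible only after decoding. The post does not show the encoding used, so percent-escapes and `String.fromCharCode` are assumptions, and the sample markup, host name and function names are constructed.

```javascript
'use strict';
// Added example: sample markup and host names are constructed for illustration.

// Strip one layer of the two encodings handled here: %xx / %uXXXX escapes
// and String.fromCharCode(n, n, ...) lists. Nothing is ever executed.
function peelLayer(text) {
  return text
    .replace(/String\.fromCharCode\(([\d\s,]+)\)/g, (_, nums) =>
      String.fromCharCode(...nums.split(',').map(Number)))
    .replace(/%u([0-9a-f]{4})|%([0-9a-f]{2})/gi, (_, u, h) =>
      String.fromCharCode(parseInt(u || h, 16)));
}

// Markup or script that sends the browser elsewhere.
const SINKS = {
  iframe: /<iframe\b[^>]*\bsrc\s*=/i,
  location: /\blocation(?:\.href)?\s*=|\blocation\.(?:replace|assign)\s*\(/i,
  metaRefresh: /<meta\b[^>]*http-equiv\s*=\s*["']?refresh/i,
};

const sinksIn = (text) => Object.keys(SINKS).filter((k) => SINKS[k].test(text));

// Report script blocks whose redirect only becomes visible after decoding.
function triage(html, maxLayers = 5) {
  const findings = [];
  for (const [, body] of html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)) {
    const visible = sinksIn(body);
    let decoded = body, layers = 0;
    for (; layers < maxLayers; layers++) {
      const next = peelLayer(decoded);
      if (next === decoded) break; // fixed point: nothing left to decode
      decoded = next;
    }
    const hidden = sinksIn(decoded).filter((k) => !visible.includes(k));
    if (hidden.length === 0) continue;
    const hosts = [...decoded.matchAll(/https?:\/\/([a-z0-9.-]+)/gi)].map((m) => m[1]);
    findings.push({ layers, hidden, hosts: [...new Set(hosts)] });
  }
  return findings;
}

// Constructed sample: one benign script, one percent-encoded iframe writer.
const SAMPLE = `<html><body>
<script>document.title = "Profile";</script>
<script>document.write(unescape('%3Ciframe%20src%3D%22http%3A%2F%2Fredirector.example.invalid%2Fgo%22%20width%3D1%20height%3D1%3E%3C%2Fiframe%3E'));</script>
</body></html>`;

console.log(JSON.stringify(triage(SAMPLE), null, 2));
```

A script whose redirect is written in the clear is deliberately not reported; the signal here is the gap between what the raw source shows and what it decodes to.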

If you followed the link (don’t do that!) to see how deep the rabbit hole goes, you would end up at a Traffic Management System like the one described in this Avert Labs blog entry. On every reload, the server-side application points to a different domain.

So when an unsuspecting user is tricked into following the lure, he ends up on different malicious websites that try the classic social-engineering tricks: either the “missing video codec” or a fake AV scan that tells the user his computer is infected with malware and offers a “free” AV scanner, which in fact is the real threat. So beware when following links, even on trusted Web 2.0 platforms like LinkedIn, especially when they promise nude celebrity videos.


Comments (7)

  • George Mallard September 18, 2011 12:45PM

    The LinkedIn scams have another twist: I now have an invitation from an anna kouakou (a well known 419 pseudo) which I cannot remove from my invitation list. It also does some strange things when you click on the name and will not allow you to either delete or mark as spam.

  • Abhinav Vaid May 26, 2009 6:47AM

    As a rule of thumb, whenever there is an iframe injected with a URL embedded, it should raise an alarm that there’s something fishy.
    The problem with this particular trojan is that by default most of the scanners do not detect it.

  • murtuza zabuawala March 21, 2009 7:54PM

    Hello sir, I am from India and I am a very big fan of your blog. I read it regularly. I am in the 3rd year of computer sci. engineering and I also want to be a security researcher like you people. Can you please tell me what courses I have to do and from where?

  • paul January 8, 2009 7:50PM

    http://www.webwasher.de/download/fileinsight/

  • tempuser January 8, 2009 9:31AM

    The FileInsight tool can be found here:

    http://www.webwasher.de/download/fileinsight/

    And they’re using animated GIFs for the animated images.

  • BelchSpeak January 7, 2009 1:52PM

    Hey, I love the way you guys are incorporating animation into your blogs. As a blogger myself, can I ask what software you use to do this?

  • primortal January 7, 2009 5:35AM

    Where can I get McAfee FileInsight?