Bogus LinkedIn profiles serving malware

LinkedIn Bogus Profiles MalwareA currently active malware campaign is taking advantage of bogus LinkedIn profiles impersonating celebrities in an attempt to trick users into clicking on links serving bogus media players. LinkedIn is among the latest social networking services considered as a valuable asset in the arsenal of the blackhat SEO knowledgeable cybecriminal, simply because this approach works. For instance, Googling for “Keri Russell nude” or “Brooke Hogan Naked pics” you’ll notice that the bogus profiles have already been indexed by Google and are appearing within the first 5/10 search results.

This is a proven tactic for acquiring search engine traffic which was most recently used in the real-time syndication of hot Google Trends keywords and using them as bogus content for the automatically generated bogus profiles using Microsoft’s Live spaces. Approximately 70 to 80 bogus LinkedIn profiles appear to been created within the past 24 hours, with LinkedIn’s staff already removing some of them.

LinkedIn Bogus Profiles MalwareUpon several redirections a malware dropper (TubePlayer.ver.6.20885.exe) is served currently detected by 10 AV vendors as TrojanDownloader:Win32/Renos.gen!BB. Overall, the malware campaign is thankfully not taking advantage of any client-side vulnerabilities for the time being, leaving it up to the end user’s vigilance — if any if we’re to exclude the most abused infection vector for 2008.

[Source: zdnet]