Naked celebrities on LinkedIn lead to malware

A blog post by our friends at Trend Micro caught my eye this morning, and got some of the guys within SophosLabs looking a little more closely at some of the profiles listed on the business networking site LinkedIn. It’s astounding how many people signed up on LinkedIn have words like “nude” and “naked” in their job title. It’s probable that some of these are genuine (for instance, the person who claims to be the Chief Nude Parachutist at a New York-based company), but many of them are not.

 

For example, I think it’s very improbable that Paris Hilton works for a firm called “company B”, and that she would want to post links claiming to be of her notorious sex video. Another celebrity who has fallen foul of a private home movie becoming public is Kim Kardashian. It seems that the hackers who have peppered LinkedIn with fake profiles also believe that people will be searching for videos of her, and so they have created a page for her too.

 

 

Other names (of various levels of fame) with fake profiles on LinkedIn include Jaime Pressly, Christina Aguilera, Keri Russell, Zooey Deschanel, Lizzy Caplan, Brooke Hogan and Tila Tequila. Some of the links contained in these profiles are currently down, but SophosLabs can confirm that as recently as January 1st 2009 the malicious Troj/Decdec-A JavaScript code was being found on them, downloading further malware onto visiting computers.

 

 

It’s a shame that LinkedIn aren’t keeping a closer eye on clearly bogus profiles being created on their site. Certainly, spammers, malware authors and other cybercriminals may be abusing the system to link to their web pages in the hope that it will produce a higher ranking in search engines like Google.