Fake Celeb Profiles in Spam Attacks

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  

Just one day after hackers broke into the accounts of 33 Twitter users, including President-elect Barack Obama, spammers have launched attacks using fake profiles of celebrities.

One attack is on the LinkedIn social networking site for professionals, where the spammers put up a nude picture with a celebrity's name and a fake profile and links supposed to take visitors to three nude videos of the celebrity. Security software vendor McAfee (NYSE: MFE), posted an example on its Avert Labs blog.

However, the links redirect visitors' browsers to a site containing malware.

Another attack, discovered by security vendor Sophos, has spammers putting up pages with photos of celebrities on Google (NASDAQ: GOOG) Blogspot that redirect visitors to sites offering scareware -- fake anti-virus software.

Celebrities featured in the LinkedIn attacks include actresses Kate Hudson and Kirsten Dunst, and wrestler Hulk Hogan.

But the spammers have become tricky - instead of sending victims to one site, the links send them to a traffic management system that points to a different domain every time someone clicks on the links, according to McAfee Avert Labs.

This makes it more difficult to track the spammers, and helps hide the malicious site from the Web site's owner or administrator, helping keep the infection undetected for a longer time, McAfee Avert Labs said. It also ensures visitors are automatically redirected to sites where their local language is used.

"When you combine clicking attacks, which always work, with back end sophisticated technology like traffic management, where you get redirected to a site in your own language, you make attacks more effective," Dave Marcus, security research and communications director at McAfee, told InternetNews.com.

Bad guys Google too

The sites contain the Troj/JSRedir-F malicious script which redirects visitors to another site where scareware is downloaded onto their computers. SophosLabs is working with Google to shut down the sites, which are all hosted on Google Blogspot, Baccas said.

"We are aware of this particular issue and are working now to resolve it," a Google spokesperson told InternetNews.com by e-mail. "Google takes the security of our users very seriously, and we actively work to detect and remove sites that serve malware."

"The bad guys have two objectives - protect themselves and make it as difficult as possible to prevent them from spreading their malware," Randy Abrams, director of technical education at antivirus vendor ESET, told InternetNews.com.

This article was first published on InternetNews.com. To read the full article, click here.

Submit a Comment

Loading Comments...