The business-oriented social networking site, LinkedIn, has had a recent bout with malware. While the threat on LinkedIn was quickly handled by the sites’ administrators, the bad online behavior seen on the site is an indicator of one type of scam that you need to be increasingly on the lookout for on any online networking sites.
Understanding the Threat
As most of you who use them know, social networking sites, while having many advantages to users, have long been targeted by socially engineered scams – meaning you need to take care when roaming around on these types of sites.
In terms of the bad behavior that cyber scammers acted out in mid January 2009 on LinkedIn – profiles on the site were created to act as a staging point for the distribution of 'FakeAlert' software. This malware serves typical scareware messages claiming that the user’s machine is infected and that he or she should install the rogue anti-malware application that the warning message is peddling. Despite recent attempts by law enforcement, such as the United States’ Federal Trade Commissions effort in tackling the scourge of rogue software, the fact that these applications continue to proliferate proves they still provide a significant return of investment for malware authors.
The Bad Behavior
The LinkedIn profiles themselves consisted of links that claimed to lead to pornographic images and video content of certain celebrity figures. Upon landing at these sites, victims were invited to install a codec to allow them to view the (non-existent) video; the file, however, was not a video codec, but malware.
“This method of attack continues to prove to be extremely effective,” says Lavasoft malware analyst and Research Team Leader, Andrew Browne.
“The social engineering technique being applied is, sociologically, extremely interesting; despite users’ increasing awareness of Internet safety (i.e. maintaining download discipline, avoiding untrustworthy sites, and generally being aware of the pitfalls when navigating the seedier side of the 'net), using a combination of celebrity and sex to entice continues to be effective,” Browne says.
LinkedIn.com worked very quickly to deal with this threat and to remove the malicious profiles from the site. Still, according to industry experts, the use of social engineering to proliferate scams on networking websites is likely to increase. Having updated security software on your PC is key to battling online scams, but there are additional steps you can take to navigate social networking sites safely.
1. Don’t be lured by the bait. Scammers try to lure you to open messages or click links by promising videos or information that they think will pique your interest. Be cautious about the profiles you visit, messages you answer, and links you click on social networking sites.
2. Guard your PII. Limit the personally identifiable information (PII) that you give out to others or post online.
3. Avoid installing unknown files. Scan programs and files that you download with updated security software.