Bogus LinkedIn Profiles Harbor Malicious Content
- Monday, January 5, 2009, 23:00
- Threat Research
The LinkedIn professional networking site connects more than 30 million users from across many different industries. The advantages of maintaining a list of trusted business contacts for career planning purposes are not lost on LinkedIn’s users.
The fostering of business relationships is further enhanced by features such as LinkedIn Answers and access from mobile devices.
Advanced Threats Researcher Ivan Macalintal found some bogus LinkedIn profiles which contain links to malware, using the names and images of famous personalities such as:
- Beyoncé Knowles
- Victoria Beckham
- Christina Ricci
- Kirsten Dunst
- Salma Hayek
- Kate Hudson
… and several others.
Below is a screenshot of the previously mentioned fake Beyoncé LinkedIn profile, with malicious links highlighted:
Bogus Profile of Beyoncé Knowles
Malicious links contained in these bogus profiles lead browsers through a series of redirections, but ultimately to malware.
Note that there are several routes this infection path may take. We are conducting a deeper investigation of these attacks in order to best provide detection and protection against these threats. We will update this blog entry with additional information when it is available.
Update as of January 6 2008, 10:00 PM PST
The malicious file downloaded from the links contained in the mentioned fake profiles is detected by Trend Micro as TROJ_DLOAD.ML. Upon execution, TROJ_DLOAD.ML accesses certain URLs to download files detected as the following:
- TROJ_DLOAD.PN
- TROJ_DLOAD.PI
- TROJ_DLOAD.PG
In turn, these files attempt to download a fake antivirus application detected by Trend …