The weakest link of computer security - the user.
While exploits targeting holes in computer software are on daily order, we are presently seeing a rise in social engineering techniques. Computer users are relatively easily duped into downloading a slew of malware - ranging from rogue antivirus solutions, bogus applications, free music to adult content. In order to view this content, many of these "apps" require the user to first install a video codec or ActiveX component, which makes the user into easy prey for encrypted, password-protected threats.
Social engineering, in short, encompasses a set of fraudulent techniques, strongly aided by a psychological aspect, with the aim to trick computer users into performing a desired action.
The human predicament
The issue of social engineering is fast becoming the topic of the day. The fact that we humans are social creatures predisposes us to become the weakest link in the proverbial security chain. The knee-jerk reaction to what we are up against seems to be to push more education and awareness about these types of threats. Many experts, however, are skeptical. Everything related to malicious code is evolving at a phenomenal rate - the code itself, the delivery techniques, and the tricks to dupe users.
Some attacks out there may be quite amateurish, but many bear the signs of professionalism with all the hallmarks of credibility. Phishing scams can be very convincing - often with uncanny resemblance to the original source. Presently, we are seeing ever-more directed attacks, designed to go after specific information. To increase their effectiveness, the ploys often contain an impressive amount of detail, complete with the victim's intimate personal data.
Stormworm, aka Win32/Nuwar is a piece of malware that can be infamously dubbed the present-day master of social engineering. Its name was inspired by fake pieces of news used during the early stages of the worm's spreading. In November 2006, when the worm had been distributing in emails, it contained subject heading straight out of an apocalyptical thriller, announcing "Putin and Bush starts NUCLEAR WAR! Check the file!" or "Nuclear War in Russia! Read news in file!"
After a fierce windstorm had swept across Europe in 2007, the worm was announcing "230 Dead as Storm Batters Europe." The similarity in the structure of the worm's variants wasn't evident in the beginning, thus the new worm was simply dubbed Storm, (Stormworm). Since then, the worm has been using all major world headlines to fill in the subject of spam it sends--and registering a high success rate.
What is interesting about this particular form of malware, compared to similar phishing threats, is its low graphical quality. It's not that the malware's authors could not do any better - it's just that their model meets the threshold criteria to arouse the curiosity of the target audience.
It is a well known fact that people are drawn to bad news, making this an important psychological aspect behind the attack's design. Similarly, in light of the financial crisis, people have been caught by scammers using fake news concerning their financial institution. Suddenly, an E-mail would appear announcing "Wells Fargo is buying Wachovia" and you happen to be Wachovia customer. Next thing you know, you are requested to "update your records to help us with the merger." Needless to say, many people actually fell for this ploy and volunteered banking information they would often think twice about sharing with their spouse.
Eset exhibited at Infosecurity Europe 2010.
Juraj Malcho, Head of Virus Lab, ESET
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Infosecurity Europe 2010|
|Publication:||Database and Network Journal|
|Date:||Jun 1, 2010|
|Previous Article:||Do business applications need protecting in a virtual world?|
|Next Article:||Human error.|