Printer Friendly

The weakest link of computer security - the user.

Social engineering as a highly effective malicious code conduit

While exploits targeting holes in computer software are on daily order, we are presently seeing a rise in social engineering techniques. Computer users are relatively easily duped into downloading a slew of malware - ranging from rogue antivirus solutions, bogus applications, free music to adult content. In order to view this content, many of these "apps" require the user to first install a video codec or ActiveX component, which makes the user into easy prey for encrypted, password-protected threats.

Social engineering, in short, encompasses a set of fraudulent techniques, strongly aided by a psychological aspect, with the aim to trick computer users into performing a desired action.

The human predicament

The issue of social engineering is fast becoming the topic of the day. The fact that we humans are social creatures predisposes us to become the weakest link in the proverbial security chain. The knee-jerk reaction to what we are up against seems to be to push more education and awareness about these types of threats. Many experts, however, are skeptical. Everything related to malicious code is evolving at a phenomenal rate - the code itself, the delivery techniques, and the tricks to dupe users.

Some attacks out there may be quite amateurish, but many bear the signs of professionalism with all the hallmarks of credibility. Phishing scams can be very convincing - often with uncanny resemblance to the original source. Presently, we are seeing ever-more directed attacks, designed to go after specific information. To increase their effectiveness, the ploys often contain an impressive amount of detail, complete with the victim's intimate personal data.

Stormworm, aka Win32/Nuwar is a piece of malware that can be infamously dubbed the present-day master of social engineering. Its name was inspired by fake pieces of news used during the early stages of the worm's spreading. In November 2006, when the worm had been distributing in emails, it contained subject heading straight out of an apocalyptical thriller, announcing "Putin and Bush starts NUCLEAR WAR! Check the file!" or "Nuclear War in Russia! Read news in file!"

After a fierce windstorm had swept across Europe in 2007, the worm was announcing "230 Dead as Storm Batters Europe." The similarity in the structure of the worm's variants wasn't evident in the beginning, thus the new worm was simply dubbed Storm, (Stormworm). Since then, the worm has been using all major world headlines to fill in the subject of spam it sends--and registering a high success rate.

What is interesting about this particular form of malware, compared to similar phishing threats, is its low graphical quality. It's not that the malware's authors could not do any better - it's just that their model meets the threshold criteria to arouse the curiosity of the target audience.

It is a well known fact that people are drawn to bad news, making this an important psychological aspect behind the attack's design. Similarly, in light of the financial crisis, people have been caught by scammers using fake news concerning their financial institution. Suddenly, an E-mail would appear announcing "Wells Fargo is buying Wachovia" and you happen to be Wachovia customer. Next thing you know, you are requested to "update your records to help us with the merger." Needless to say, many people actually fell for this ploy and volunteered banking information they would often think twice about sharing with their spouse.

Eset exhibited at Infosecurity Europe 2010.

Juraj Malcho, Head of Virus Lab, ESET
COPYRIGHT 2010 A.P. Publications Ltd.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2010 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Infosecurity Europe 2010
Author:Malcho, Juraj
Publication:Database and Network Journal
Date:Jun 1, 2010
Words:578
Previous Article:Do business applications need protecting in a virtual world?
Next Article:Human error.
Topics:

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters |