socialengineering

When friends can be your worst enemies

Posted on August 27, 2008 - 15:26 by egeorge

Think a friend's latest post on your Facebook wall is a little odd? Trust your instincts. Social engineering scams are on the rise.
The latest round of attacks on Facebook includes messages and comments on users' walls that appear to come from friends. The fake messages include seemingly irresistible bait - a claim that a video of you in a compromising position has been posted is one of the currently popular lures. If you follow the link in the message, the page you're taken to could infect your computer with "drive-by" malware that can download without your permission. In other cases, the page might claim that you need to download an additional plug-in to view the video. You guessed it: that plug-in turns out to be malware.
It's hard to protect yourself against this kind of attack, when our assumption is that messages from our friends are trustworthy. But think back to the early days of email viruses. Remember being warned not to open an unexpected attachment, even from a friend, without checking that your friend really sent it? If you receive a message that just seems odd - maybe it doesn't sound like your friend's normal writing style, or your friend isn't usually the type to be snapping videos at drunken parties - check it out with the friend before clicking the link. If their account has been compromised, you'll be protecting your friend and their entire network, as well as yourself, by letting them know there's a problem.
Want to read up on the latest social network scams? Kaspersky Lab has a post about the current Koobface worm on Facebook and Myspace, and Trend Micro blogs about a similar social engineering trick targeting users of MSN Live Messenger.

Social Networking Sites are Rewarding for Badware Producers

Posted on April 14, 2008 - 12:33 by lmallek

Social networking sites are fun. I've spent unknown hours procrastinating with them and my experiences have generally been favorable. Logging onto my account recently, I found multiple private and public messages from a contact, a high-school friend, who was trying to sell me sunglasses, lots of sunglasses, a variety of designer frames at discount prices that I could purchase by clicking the link in the post. Instead I clicked through to her page and realized that her account had been used to message all of her contacts with this dubious message.

A recent "Security Fix post":http://blog.washingtonpost.com/securityfix/2008/04/social_networking_acc... by Brian Krebs at the Washington Post reviewed "Symantec's findings":http://www.symantec.com/business/theme.jsp?themeid=threatreport that phishers are actively targeting social networking sites. "Spreading malware via hijacked social networking accounts is ideal because people are far more likely to click on a link recommended by someone in their close circle of friends than they are a link that arrives in a message from a complete stranger," writes Krebs. The phishers ride on the trust established by a normally benign networking site to lower a user's suspicion of unknown links. These sites are also extremely popular; four out of the 10 "most visited websites":http://www.alexa.com/site/ds/top_sites?ts_mode=global&lang=none are focused on social networking.

These links can initiate drive-by downloads, which StopBadware has "reported on in detail":http://www.stopbadware.org/home/reports as part of the _Trends In Badware 2007_ report. Drive-by downloads are a major and continually growing trend in badware distribution. The report "writes":http://www.stopbadware.org/home/reports: "As in offline drive-by attacks, the victim is going about his normal life and is simply in the wrong place at the wrong time." These attacks function with a minimum of user interaction, as the linked-to website may contain an invisible iframe or other gateway for malicious intervention.

Although the techniques are new, the goals of malware writers have stayed the same. Krebs "writes":http://blog.washingtonpost.com/securityfix/2008/04/social_networking_acc...

bq. "Cyber crooks are still principally out to steal financial and personal data that can be resold to identity thieves or converted into cash. And data-stealing computer viruses remain among the most expedient way to extract that data from victims."

As badware production evolves, threats become more difficult to detect as obvious signals such as messages from unknown users and limited language proficiency are avoided. Maintaining a level of skepticism while browsing is essential to your safety and that of your entire social network.

"Fake Shareaza" takes over updates from the real thing

Posted on February 20, 2008 - 16:38 by egeorge

Users of the popular filesharing application Shareaza are reporting that a competitor has taken over a former Shareaza website and is using it to overwrite the real Shareaza application with an impostor posing as an update.

How is that possible? According to Sarah Pike at AppScout:

bq. "Someone took great advantage of old code in Shareaza, which checks for updates with, among other URLs, www.shareaza.com, which another company has now registered. So when the real Shareaza does its regular thing and checks in for updates, it offers to download the fake Shareaza to replace itself."

For software producers, this is an important wake-up call. If your software automatically checks a website for updates, you're responsible for what that website delivers to your users, so it's important to maintain control of that site.

Users shouldn't see the Shareaza switch as a reason to forgo software updates. As the AppScout post discusses, in this kind of social engineering scam there are often warning signs that something may not be quite right. Be sure you read dialog boxes carefully before clicking OK and agreeing to anything, including an update. And do your best to stay informed about the software you use by signing up for alerts from the distributor, or regularly checking for news.
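
For software producers, one way to act on the advice above about keeping control of the update site is a release-time audit of every update URL compiled into shipped clients. The sketch below is an added example, not code from Shareaza or from this blog; the domain inventory, version numbers and URLs are constructed, and the function names are hypothetical.

```python
from datetime import date, timedelta
from urllib.parse import urlsplit

# Constructed inventory: domains the vendor has registered -> registration expiry.
OWNED_DOMAINS = {
    "example.org": date(2030, 1, 15),
    "example.net": date(2025, 3, 1),
}

# Constructed list of update URLs compiled into shipped client versions.
UPDATE_ENDPOINTS = {
    "2.4": ["https://updates.example.org/version.xml"],
    "2.1": ["https://updates.example.org/version.xml",
            "http://www.example.net/update.txt"],
    "1.8": ["http://www.example.com/update.txt"],  # domain no longer held
}

def registrable_domain(host):
    """Last two labels of the host. Assumption: no multi-label suffixes
    such as .co.uk; use a public-suffix list for those."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def audit_endpoint(url, owned, today, warn_days=90):
    """Return the problems that would let a third party answer this URL."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("not-https")
    expiry = owned.get(registrable_domain(parts.hostname or ""))
    if expiry is None:
        problems.append("domain-not-owned")
    elif expiry < today:
        problems.append("registration-expired")
    elif expiry - today <= timedelta(days=warn_days):
        problems.append("registration-expiring")
    return problems

def audit_releases(endpoints, owned, today):
    """Map (version, url) -> problems, for every endpoint with a finding."""
    findings = {}
    for version, urls in endpoints.items():
        for url in urls:
            problems = audit_endpoint(url, owned, today)
            if problems:
                findings[(version, url)] = problems
    return findings

if __name__ == "__main__":
    for (version, url), problems in audit_releases(
            UPDATE_ENDPOINTS, OWNED_DOMAINS, date(2025, 1, 10)).items():
        print(f"{version:>4}  {url}  {', '.join(problems)}")
```

Old releases stay in the audit for as long as they are in use, because those clients keep contacting the URLs they shipped with.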