15. September 2010 · Burglars used social network status updates to select victims • The Register · Categories: Privacy, Social Engineering

Burglars used social network status updates to select victims • The Register.

Posting your location can have unintended consequences. A band of burglars in Nashua, NH, was arrested for an estimated 50 burglaries in the area; the targets were chosen based on information the burglars collected from social networks, including Facebook.

“Be careful of what you post on these social networking sites,” said Capt. Ron Dickerson of Nashua police. “We know for a fact that some of these players, some of these criminals, were looking on these sites and identifying their targets through these social networking sites.”

22. August 2010 · OpenDNS – Simplifying the Lives of Web Users · Categories: Social Engineering

David Pogue at the New York Times wrote a very good article about OpenDNS, “Simplifying the Lives of Web Users.” The article also provides a well-written explanation of DNS – Domain Name Service.

I did not realize that one of the benefits of OpenDNS is phishing protection:

PHISHING PROTECTION Phishing is the Internet scheme where you get a fake e-mail note from your bank about a problem with your account. When you click the link to correct the problem, you get a fake Web site, designed to look just like your bank’s — and by logging in, you unwittingly supply your name and password to the bad guys.

OpenDNS intercepts and blocks your efforts to visit the fake sites. It works like a charm.

Another layer of phishing protection alone makes OpenDNS worthwhile. Improved performance, availability, shortcuts, typo corrections, and parental controls are other benefits Pogue discusses.

05. July 2010 · Koobface trojan continues to plague Facebook · Categories: Malware, Next Generation Firewall, Palo Alto Networks, Security-Compliance, Social Engineering

Trend Micro’s research lab is reporting that the Koobface trojan continues to put unsuspecting Facebook users at risk. Because Koobface is really a bot, its Command & Control infrastructure can and does change the message and the link you receive to lure you to a page that will download the Koobface trojan onto your system.

You could ask, why can’t Facebook eradicate Koobface? Apparently, they are not seeing enough users canceling their accounts due to Koobface and other malware to warrant the investment.

Why not simply block Facebook? If the business side of the organization (sales and marketing) is OK with that, then blocking Facebook in the office is a reasonable step. There are two issues to consider:

  1. Increasingly, sales and marketing departments want to take advantage of Facebook and other social networking sites to reach current and prospective customers.
  2. Even if you do block social networking sites in the office, laptop users who travel or just use their laptops at home are at risk of being exploited by malware from social networking sites.

Palo Alto Networks’ next-generation firewall solves the first issue today, and the company has announced GlobalProtect, which will solve the second issue in its next release at the end of 2010.

13. June 2010 · HoneyBot – Automated IRC Social Engineering · Categories: Social Engineering

IRC-Junkie is reporting that researchers at TU Wien (Vienna
University of Technology, Austria) have developed a software program
that performs a "man-in-the-middle" attack between IRC users causing
them to click on malicious links at a 76% click rate. As opposed to
impersonating a user and attempting to perform one side of the
conversation, this program sits between two users and simply makes
changes to the words and inserts malicious links.

The so-called "HoneyBot" is capable of influencing the ongoing
conversation by "dropping, inserting, or modifying messages", and the
researchers assert that "if links (or questions) are inserted into such
a conversation, they will seem to originate from a human user" and
therefore the click-probability will be "higher than in artificial
conversation approaches".

It seems to me that the high click rate is due to the lack of
knowledge that such an attack is even possible and therefore people are
not in the least bit suspicious. If HoneyBots become more prevalent,
people will be more on guard.

In any case, approach each link cautiously – hover over the link and
inspect the URL that is displayed at the bottom of the browser. If you
cannot determine exactly where the URL is going to take you, don't click
on it.
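
As an added illustration of this advice (not part of the original post), the Python below shows which part of a URL actually determines where it takes you, and goes slightly beyond the text by flagging three common disguises: text before an "@", a raw IP address, and a punycode label. The function names and the sample links are constructed for this example, using reserved example domains and a documentation IP address.

```python
import ipaddress
from urllib.parse import urlsplit

def inspect_url(url):
    """Return (host, warnings): the host a browser would contact, plus red flags."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    warnings = []
    if parts.scheme not in ("http", "https"):
        warnings.append("scheme is not http/https")
    if not host:
        warnings.append("no host found")
        return host, warnings
    if parts.username is not None:
        # Everything before '@' is login data, not the destination.
        warnings.append("text before '@' is not the destination")
    try:
        ipaddress.ip_address(host)
        warnings.append("raw IP address instead of a name")
    except ValueError:
        pass  # not an IP literal, which is the normal case
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label, may render as look-alike characters")
    return host, warnings

def belongs_to(host, expected_domain):
    """True only if host is expected_domain itself or a subdomain of it."""
    expected = expected_domain.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)

def review(url, expected_domain):
    """Combine both checks for a link that claims to lead to expected_domain."""
    host, warnings = inspect_url(url)
    if not belongs_to(host, expected_domain):
        warnings.append("host is not under " + expected_domain)
    return host, warnings

# Constructed sample links; none of them is taken from a real campaign.
SAMPLES = [
    "https://www.facebook.com/photo.php",
    "http://www.facebook.com@198.51.100.7/login",
    "https://www.facebook.com.account-check.example/login",
    "http://xn--fcebook-8va.example/",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", review(sample, "facebook.com"))
```

The host is read right to left: only the last labels decide who owns the name, so a familiar brand at the left end of a long hostname says nothing about the destination.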

Another thought: how long before we see this type of attack in the
wild on Facebook?

12. May 2010 · Simplistic attacks still work some of the time · Categories: Malware, Social Engineering

Sunbelt has a detailed blog post about a ridiculously simple and obvious social engineering attack on Facebook users. The good news is that only 0.05% of Facebook users fell for it. The bad news is that 0.05% amounts to 191,372 Facebook users. Given the ease of creating these attacks and the rewards to the attackers, they are not going to stop anytime soon.

21. October 2009 · Phishing emails have become more convincing · Categories: Botnets, Funds Transfer Fraud, Malware, Social Engineering

The "quality" of phishing emails continues to improve. In other words, the attackers continue to make their phishing emails seem legitimate and thus trick more people into taking the emails' suggested actions. An article in Dark Reading this week discusses research done by F-Secure about new, more convincing phishing attacks generated by the Zbot botnet, which attempts to infect victims with the Zeus trojan. I wrote about how the Zeus trojan is used as a keylogger to steal banking credentials, which enable funds transfer fraud.

While one might have considered the Dark Reading article a public relations piece for F-Secure, its validity was increased for me by Rich Mogull at Securosis, who wrote about "the first phishing email I almost fell for," i.e. one of these Zbot phishing emails.

If a security person like Rich Mogull, who has the requisite security "paranoia DNA", can almost be fooled, then the phishing attackers are indeed improving their social engineering craft.