11. July 2010 · Fake YouTube page used to infect soccer fans · Categories: blog

Zscaler discusses yet another example of blackhats drawing unsuspecting fans to fake web pages containing malware. This time it’s a fake YouTube page designed to attract soccer fans during the World Cup.

I call this type of attack “inside-out,” in the sense that the attacker draws an insider out to a web page to initiate the attack rather than using the traditional “outside-in” direct attack method of finding and exploiting a network or application vulnerability. While traditional vulnerability assessments are still important, they do not provide the complete picture of your risks.

This is why we recommend a Next Generation Firewall or a Secure Web Gateway which offers protection from this type of social engineering attack.

13. June 2010 · HoneyBot – Automated IRC Social Engineering · Categories: blog

IRC-Junkie is reporting that researchers at TU Wien (Vienna University of Technology, Austria) have developed a software program that performs a “man-in-the-middle” attack between IRC users, causing them to click on malicious links at a 76% click rate. Rather than impersonating a user and attempting to perform one side of the conversation, this program sits between two users, alters the words they exchange, and inserts malicious links.

The so-called “HoneyBot” is capable of influencing the ongoing conversation by “dropping, inserting, or modifying messages” and the researchers assert that “if links (or questions) are inserted into such a conversation, they will seem to originate from a human user” and therefore the click-probability will be “higher than in artificial conversation approaches”.

It seems to me that the high click rate is due to the lack of knowledge that such an attack is even possible and therefore people are not in the least bit suspicious. If HoneyBots become more prevalent, people will be more on guard.

In any case, approach each link cautiously – hover over the link and inspect the URL that is displayed at the bottom of the browser. If you cannot determine exactly where the URL is going to take you, don’t click on it.

Another thought: how long before we see this type of attack in the wild on Facebook?

12. May 2010 · Simplistic attacks still work some of the time · Categories: Malware, Social Engineering

Sunbelt has a detailed blog post about a ridiculously simple and obvious social engineering attack on Facebook users. The good news is that only 0.05% of Facebook users fell for it. The bad news is that the actual number of Facebook users who fell for it is 191,372. Given the ease of creating these attacks and the rewards to the attackers, they are not going to stop anytime soon.

21. October 2009 · Phishing emails have become more convincing · Categories: Botnets, Funds Transfer Fraud, Malware, Social Engineering

The "quality" of phishing emails continues to improve. In other words, the attackers continue to make their phishing emails seem legitimate and thus trick more people into taking the emails' suggested actions. An article in Dark Reading this week discusses research done by F-Secure about new, more convincing phishing attacks generated by the Zbot botnet, which attempts to infect victims with the Zeus trojan. I wrote about how the Zeus trojan is used as a keylogger to steal banking credentials which enable funds transfer fraud.

While one might have considered the Dark Reading article a public relations piece for F-Secure, its validity was increased for me by Rich Mogull at Securosis, who wrote about "the first phishing email I almost fell for," i.e. one of these Zbot phishing emails.

If a security person like Rich Mogull, who has the requisite security "paranoia DNA," can almost be fooled, then the phishing attackers are indeed improving their social engineering craft.