16 March 2011, 11:01
Social engineering techniques used to spread malware
Lately, social engineering has been one of the most effective ways to spread malware. Practice shows that holes in software eventually get closed, but with the holes in users' heads things are not so rosy...

For example, not so long ago Microsoft released a patch that firmly disables autorun from flash drives, and many anti-virus products have adopted a ban on the autorun.inf file. It would seem that this should have knocked down the wave of malware that spreads via removable drives. But no! Why? Innate curiosity pushes people into many ill-considered actions. If the file cannot be run automatically, the user just has to be made to run it himself!

I have tried to group the most common social engineering techniques that attackers use to spread malicious software, and to give some tips on protection.

1. Substituting the file's appearance

An executable file is disguised as a folder, a legitimate application or another file type by using the appropriate icon. A user in a hurry pokes at it and launches the file.



Defense:
  • Train yourself to use file managers such as Total Commander.
  • If you still use Windows Explorer, try to work with the tabular (details) view of files and pay attention to the file type before clicking on it (especially when working with files from removable and network drives).


2. An intriguing file name

An intriguing name for the executable file provokes the user into running it (for example, "Do not open.scr").

Defense:
  • For a literate user, such a name should immediately arouse suspicion. Check the file type in the file manager; if it is *.exe, *.scr, *.bat or *.vbs, you had better not touch it.
  • If it is an executable file and your hands are still itching to run it, at least check it on VirusTotal, although in its first few days fresh malware is hardly detected by antivirus products.
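
The file-type checks from sections 1 and 2 can be automated for a removable or network drive. The following is an added example, not code from the original post; the function names, the decoy-extension list and the sample files are constructed for illustration.

```python
import os
import pathlib
import tempfile

RISKY_EXTS = {".exe", ".scr", ".bat", ".vbs"}  # types the article says not to touch
# Extensions a lure often pretends to have (assumed list, not from the article).
DECOY_EXTS = {".jpg", ".png", ".doc", ".pdf", ".txt", ".avi", ".mp3"}


def classify(path):
    """Return the reasons `path` deserves suspicion (empty list if none)."""
    reasons = []
    stem, ext = os.path.splitext(os.path.basename(path).lower())
    if ext in RISKY_EXTS:
        reasons.append("executable extension " + ext)
        if os.path.splitext(stem)[1] in DECOY_EXTS:
            reasons.append("double extension")  # e.g. photo.jpg.exe
    else:
        # A Windows PE file starts with "MZ" whatever it is named.
        with open(path, "rb") as fh:
            if fh.read(2) == b"MZ":
                reasons.append("PE header under extension " + (ext or "(none)"))
    return reasons


def scan(root):
    """Walk `root` (e.g. a removable drive) and map relative path -> reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            reasons = classify(full)
            if reasons:
                findings[os.path.relpath(full, root)] = reasons
    return findings


def demo():
    """Scan a constructed sample tree (fake 4-byte 'MZ' stubs, not real programs)."""
    samples = {
        "Do not open.scr": b"MZ\x90\x00",   # lure name from the article
        "holiday.jpg.exe": b"MZ\x90\x00",   # double extension
        "Documents": b"MZ\x90\x00",         # no extension, folder-like name
        "notes.txt": b"plain text",         # benign
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            pathlib.Path(root, name).write_bytes(data)
        return scan(root)
```

Calling `scan()` on the mount point of a drive lists every file whose real type does not match what its name or icon suggests; `demo()` runs the same scan over the constructed samples.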


3. Playing on the user's desire to gain access to content

The user is lured to a malicious website where, under the pretext of gaining access to content (a video, for example), he is invited to download a codec / driver / unpacker. Curiosity once again prevails over reason...

Defense:
  • Never follow such links, and certainly do not run anything you have downloaded from them. Yes, some legitimate sites that embed advertising in the video do require a special codec to be installed for viewing. Do you need that? Better to find the same content elsewhere.
  • Use the anti-phishing filters built into modern browsers and antivirus software, and do not ignore their warnings.

4. Imitation of live communication


It is no longer unusual for e-mail and instant messengers to be showered with messages begging you to send an SMS or click a link; fortunately, most users have learned to pay attention to it. Therefore, the villains learn new ways.
In January of this year ICQ users were attacked by the "Piggy.zip" or "H1N1" malware, which, after infecting a user's computer, not only sent itself to all of his contacts but also replied quite aptly to phrases like "is this a virus...??" and "are you a bot?" with "no, it's a flash animation about a pig, look :)" or "you're a bot yourself =".



According to an analysis of the code, the virus simply looks for keywords in the message (spammer, virus, bot, etc.) and throws back a prepared phrase matched to the meaning of the keyword. For all the simplicity of implementing such "intelligence", the approach proved extremely effective! A great many people who considered themselves relatively advanced in computer security got hooked. It is scary to think what will happen if a proper chat bot is embedded in such a trojan... In fairness, the first such case dates back as far as 2005.

Defense:
  • Do not accept files or click on links sent from unknown contacts.
  • When you receive files, even from your best friends, pay attention to any suspicious change in style and manner of communication; it is best to ask several times for a description of the file's contents.


5. "Road apple"


Thanks to the general fall in prices of all kinds of media, including flash drives, an attacker will not mind tossing a disc or flash drive with a trojan right on your doorstep. The burning desire to see what is on it is likely to prevail; the user connects the media and activates the malware (quite possibly by one of the methods above), which is exactly what the attacker wanted! Sicness has already described his experience of planting such an "apple".

Defense:
  • Check media that arrive at the company from untrusted sources on a separate stand-alone machine.
  • If you are with a serious company and "suddenly" find something on the way to work, refrain from independent experiments and hand the media over to the IT security service for checking.
  • On the other hand, if you are a student or a plumber, it is unlikely that anyone will drop a flash drive specially in front of you :). Nevertheless, it is best to check the contents of such finds in a virtual machine.

On a tip from Antelle, one more method.

6. Exploiting users' fears

As a rule, the attacker tries to convince the person that his computer is infested with viruses, that his personal data and passwords are leaking to hackers, that spam is allegedly being sent from his IP address, and so on. To solve all the problems at once, he is invited to download and install an "antivirus" (be careful: many of these "solutions" fully replicate the interface of well-known products). After installation, either the system is locked with a demand to pay for a "product license", or the user's computer simply downloads another batch of malware with whatever functionality the attacker wants.

Defense:
  • Never react to warnings that pop up on various dubious websites claiming that your computer is infected, that you are in danger, etc.
  • Use only well-known brands of antivirus software, and always download the installers solely from the official website of the company.
Added by: w1zard