Social Engineering

Sunday, 13 June 2010

HoneyBot - Automated IRC Social Engineering

IRC-Junkie is reporting that researchers at TU Wien (Vienna University of Technology, Austria) have developed a software program that performs a "man-in-the-middle" attack between IRC users causing them to click on malicious links at a 76% click rate. As opposed to impersonating a user and attempting to perform one side of the conversation, this program sits between two users and simply makes changes to the words and inserts malicious links.

The so called "HoneyBot" is capable of influencing the ongoing conversation by “dropping, inserting, or modifying messages” and the researchers assert that “if links (or questions) are inserted into such a conversation, they will seem to originate from a human user” and therefore the click-probability will be “higher than in artificial conversation approaches”.

It seems to me that the high click rate is due to the lack of knowledge that such an attack is even possible and therefore people are not in the least bit suspicious. If HoneyBots become more prevalent, people will be more on guard.

In any case, approach each link cautiously - hover over the link and inspect the URL that is displayed at the bottom of the browser. If you cannot determine exactly where the URL is going to take you, don't click on it.

Another thought, how long before we see this type of attack in the wild on Facebook?

Posted at 07:07 PM in Social Engineering | | Comments (0) | TrackBack (0)

Wednesday, 12 May 2010

Simplistic attacks still work some of the time

Sunbelt has a detailed blog post of a ridiculously simple and obvious social engineering attack on Facebook users. The good news is that only 0.05% of Facebook users fell for it. The bad news is that the actual number of Facebook users is 191,372. Given the ease of creating these attacks and the rewards to the attackers, they are not going to stop anytime soon.

Posted at 08:13 AM in Malware, Social Engineering | | Comments (0) | TrackBack (0)

Technorati Tags:

Wednesday, 21 October 2009

Phishing emails have become more convincing

The "quality" of phishing emails continues to improve. In other words, the attackers continue to make their phishing emails seem legitimate and thus trick more people into taking the emails' suggested actions. An article in Dark Reading this week discusses research done by F-Secure about new, more convincing, phishing attacks generated by the Zbot botnet which attempts to infect victims with the Zeus trojan. I wrote about how the Zeus trojan is used as a keylogger to steal banking credentials which enable funds transfer fraud

While one might have considered the Dark Reading article a public relations piece for F-Secure, its validity was increased for me by Rich Mogull at Securosis who wrote about  "the first phishig email I almost fell for," i.e. one of these Zbot phishing emails.

If a security person like Rich Mogull, who has the requisite security "paranoia DNA" can almost be fooled, then the phishing attackers are indeed improving their social engineering craft.

Posted at 07:51 PM in Botnets, Funds Transfer Fraud, Malware, Social Engineering | | Comments (0) | TrackBack (0)

Technorati Tags: ,

About

Subscribe to this blog's feed

Recent Posts