Cat Techie

Sunday, November 28, 2010

Love and Social Engineering

A love story on social sites is quite a common game, and in the hackers' zone especially it works like a miracle. Love is literary, philosophical, or, some would even say, metaphysical. In the history of malware, love is a virus writer's whim and a well-known cybercriminal social engineering technique.

Social engineering, a non-technical breach of security that relies heavily on human interaction and tricks users into breaking normal security measures, remains popular among virus writers. LoveLetter was one of the first, and most notable, examples of social engineering. It arrived as an attachment to an innocent-looking e-mail containing the subject line 'I LOVE YOU' (and who doesn't like to receive a love letter?) and the body text 'Kindly check the attached LOVELETTER coming from me'. In an effort to put unsuspecting users further off their guard, the attachment had a double extension, LOVE-LETTER-FOR-YOU.TXT.vbs. Since Windows Explorer doesn't show extensions by default, it was not obvious that the attachment was anything more than a plain text file. For good measure, LoveLetter also used mIRC to spread and downloaded a password-stealing Trojan to the infected machine.

Successful threats (from the author's point of view, that is) typically spawn further variants. LoveLetter's success, together with the fact that the VBS source code for the worm was easily accessible, led to a large number of variants in the months following its release. LoveLetter showed how useful social engineering can be in spreading malware, so it's not surprising that it continues to be widely used. It arrives as an attachment to infected messages which use a range of subject headers, messages and attachment names in English. Some of the messages appear to promise tickets to the World Cup or a date with a Bollywood actor, and who wouldn't want World Cup tickets or a date? Virus writers have been using love as a theme in creating malicious code.
Whether this is attributable to the romantic nature of humanity in general or to love’s overwhelming effect on everyone, the creators of viruses would leave love messages, or traces of them, in their code. The more famous examples include:
• VBS_LOVEMONKEY, a 1999 virus that sends email with the message "Dear Nicky... my name is and I want to make hot monkey love with you. You anti-virus stud!"
• In 2000, PE_LOVESONG.998, notable for having the word "love" in its code.
• The Spanish love letter VBS_VALENTIN.A in 2001, supposedly written by its creator to express his undying love for "Davinia, the most beautiful girl in the world." It writes files and is triggered on Valentine’s Day.
And today you probably don’t need such viruses to get into a system: with just a few expressions, someone can easily win over your heart, and that is where the vulnerability of personal information lies.
Virus creation was necessarily fixated on notoriety. Writers might also have seen it as a medium through which they could express their thoughts to the public. The aim to cause destruction, coupled with the entertainment brought by personal expression, may have led virus writers to make their malicious files in a certain way, with love, unfortunately, being everyone’s favourite topic. Poetry and romantic love are eternally linked, even in malware attacks. Virus writers who are preoccupied with using love in malware code did not vanish altogether. They now belong to a group called script kiddies, who are considered the opposite of sophisticated hackers.

Social engineering, the act of manipulating people into doing things they otherwise would not do, is an integral element of Web-based attacks. It would be almost impossible to conceive of a threat that does not try to trick online users into clicking links, downloading and installing files, or visiting dangerous sites. Love as a social engineering technique is most popular in the spamming operations of the botnet giant Storm. Known for taking advantage of every occasion and holiday known to man, Storm sends Christmas e-cards on Christmas, New Year e-cards on or before every first of January, and love e-cards during the Valentine's season. The intent is to convert more PCs into zombies for the botnet, which would then be used for future cybercriminal activities – spamming, scamming, information theft, DDoS attacks.

The first Storm malware to send love greetings was WORM_NUWAR.CQ. The worm family gets its name from its earlier social engineering technique: sending messages about nuclear wars. On Valentine's Day 2007, WORM_NUWAR.CQ made a 180-degree turn from its family’s signature technique by replacing war with love.
Cybercriminals began sending love-themed malicious messages from then onwards. The rise of Web threats also meant a cybercriminal move away from just malicious files and system-based threats to those that exploit the Internet as a platform. Spammed messages continued their massive volume increases and were used as vectors not just for malware, but for dangerous URLs and websites as well. Legitimate websites were also compromised to lead users to malicious binaries or sites. Love maintains its status as an effective social engineering technique despite this development. Of the manually detected malicious URLs (phishing sites, malware download sites) during the Valentine's months of January and February, 24% contained the string love, or were crafted to have references to the word.

Even emerging threats use similar social engineering techniques. SYMBOS_BESELO.A – a mobile phone malware that spreads through Bluetooth and Multimedia Messaging Service (MMS) – used the file names beauty.jpg, love.rm, and sex.mp3. As cybercriminals continue to exploit the online holes they keep discovering, love would likely remain a standard luring tool. This process becomes, on the one hand, a study in human psychology: it points us to the irresistibility of love in whatever forms it may have in human affairs. On the other hand, love as a social engineering technique again exposes another crucial bug in computing systems: human frailty.

The manipulation of social behaviour in an effort to create results that satisfy the opinions of bureaucrats and social managers is what characterizes the form of socialism found in most places. As we now enter the 21st Century, the computer age and cyber warfare are in full swing. Companies and organizations are still not fully addressing or understanding the issue of Social Engineering. Social Engineering can cause destruction to networks and cost companies millions of dollars or rupees.
Here, I will try to bring to light exactly how Social Engineering exposes the vulnerabilities of Intrusion Detection Systems and what can be done to protect ourselves against these vulnerabilities.

E-Mail: E-mail provides great opportunities for attackers to use social engineering. As stated earlier, each Intrusion Detection System and anti-virus program requires signatures to capture malicious packets or mail. Because these signatures cannot be developed until the malicious packet or code has been discovered, this gives the attacker time to do his or her work. How many times have you logged in at your ISP and found an e-mail waiting for you, claiming to be from the ISP's customer services division and requesting your user name, password and credit card number? Could an IDS or anti-virus system detect this? That would depend. If this happens all the time then the answer is yes; otherwise, probably not. As technology advances, so will the types of viruses we encounter. Social Engineering will become a critical part of releasing and executing these viruses. The great thing about e-mail is that it only takes one person to open his or her e-mail to begin its circulation.
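
The double-extension trick LoveLetter used (LOVE-LETTER-FOR-YOU.TXT.vbs) can be caught at the mail gateway from the attachment name alone, without waiting for a malware signature. The Python below is an added example, not part of the original post; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension lists (not from the post); tune them for your environment.
SCRIPT_EXTS = {"vbs", "vbe", "js", "jse", "wsf", "hta", "exe", "scr",
               "pif", "com", "bat", "cmd", "lnk"}
DECOY_EXTS = {"txt", "doc", "docx", "pdf", "rtf", "jpg", "jpeg", "png",
              "gif", "xls", "xlsx", "mp3", "rm"}


def is_double_extension(filename: str) -> bool:
    """True when a harmless-looking extension is followed by an executable one."""
    # Keep only the base name; Windows ignores trailing dots and spaces.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    parts = [p.strip() for p in base.split(".")]  # strip() defeats space padding
    if len(parts) < 3:
        return False  # zero or one extension: not the pattern in question
    return parts[-1] in SCRIPT_EXTS and parts[-2] in DECOY_EXTS


def flag_attachments(raw_message: bytes) -> list[str]:
    """Return the attachment names in a raw e-mail that match the pattern."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and is_double_extension(n)]


def build_sample() -> bytes:
    """Constructed test message; payloads are inert placeholder bytes."""
    msg = EmailMessage()
    msg["Subject"] = "I LOVE YOU"
    msg.set_content("Kindly check the attached LOVELETTER coming from me")
    for name in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "holiday.photo.jpg", "notes.txt"):
        msg.add_attachment(b"inert placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(flag_attachments(build_sample()))
```

Because the check keys on the file name rather than the content, it also applies to variants that no signature yet covers.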

Do you want to share your views? Just leave a comment here. You can also drop an email on
