Social engineering methods used to spread malware
Recently, social engineering has been one of the most effective ways to spread malware. As practice shows, the holes in software are closed sooner or later, and in the users' minds things are not so rosy ...
For example, not so long ago, Microsoft released a patch for shutting off autoruns from flash drives. Yes, and many anti-virus products have adopted a ban on the autorun.inf file. It would seem that this should undermine the wave of Malvari, which uses removable disks for distribution. But no! Why..? Innate curiosity pushes people to take many ill-advised actions. If you can not automatically start, you must force the user to do it!
I tried to group the most common social engineering methods that attackers use to spread malware and give some protection tips.
The executable file is masked as a folder, a legitimate application, or a file type using the corresponding icon. A user in a hurry pokes the mouse and launches the file for execution.
')
Protection:
The intriguing name of the executable file, which pushes the user to start it (for example, “Do not open .scr”).
Protection:
The user is lured to the site of the attacker, under the pretext of access to the content (video, for example), he is offered to download the codec \ driver \ unpacker. Curiosity once again prevails over the mind ...
Protection:
The fact that e-mail and various instant messengers are pouring messages with pleas to send an SMS or poking a link is no surprise to anyone, fortunately, most users have learned not to pay attention to it. Therefore, the villains master new ways.
In January of this year, ICQ users were attacked by Malvari “Piggy.zip” or “ H1N1 ”, which infecting a user's computer, was sent to all of his contacts, moreover, in response to phrases like “what kind of virus is on ... ???” and “You are a bot?”, Quite vopad replied “no, this is a flash drive about a pig, look :)” or “you are a bot =”.
As the code analysis showed, the virus simply searches for the keywords in the message (spammer, virus, bot, etc.) and throws out the phrase in some way correlating with the meaning of the keyword. With all the simplicity of the implementation of "intelligence", this approach proved to be extremely effective! Very many users who considered themselves relatively advanced in the field of computer security were hooked. It is terrible to think what will happen if you embed a normal chat bot in a similar Trojan ... For the sake of justice, it should be noted that the first such case was already in 2005 .
Protection:
Thanks to the total price reduction of various data carriers, in particular flash, an attacker may not regret throwing a disk or a flash drive with a trojan directly on your doorstep. A burning desire to see what is there, most likely, will prevail, the user connects the disk and activates the malware (quite possibly one of the above methods), which the attacker wanted! Sicness has already talked about his experience of throwing up an “apple”.
Protection:
On tip- off Antelle is another method.
As a rule, they try to convince a person that his computer is infested with viruses, personal data and passwords are leaked to hackers, spam is allegedly sent from his IP, etc. To solve all the problems, it is proposed to immediately download and install a certain “antivirus” (be careful, many of these “solutions” completely copy the interface of well-known products). After installation, either the system is locked, with the requirement to pay for the “product license”, or simply another file is downloaded to the user's computer with any desired functionality.
Protection
For example, not so long ago, Microsoft released a patch for shutting off autoruns from flash drives. Yes, and many anti-virus products have adopted a ban on the autorun.inf file. It would seem that this should undermine the wave of Malvari, which uses removable disks for distribution. But no! Why..? Innate curiosity pushes people to take many ill-advised actions. If you can not automatically start, you must force the user to do it!
I tried to group the most common social engineering methods that attackers use to spread malware and give some protection tips.
1. Substitution of the file icon
The executable file is masked as a folder, a legitimate application, or a file type using the corresponding icon. A user in a hurry pokes the mouse and launches the file for execution.
')
Protection:
- Teach yourself to use file managers like Total Commander, etc.
- If you still use Windows Explorer, try working with tabular display of files and pay attention to the file type before clicking on it with the mouse (especially when working with files from removable and network drives).
2. Intriguing file name
The intriguing name of the executable file, which pushes the user to start it (for example, “Do not open .scr”).
Protection:
- A competent user of such names should immediately cause suspicion. Check the file type in the file manager, if it is * .exe, * .scr, * .bat, * .vbs, then it is better not to touch it.
- If this is an executable file, and it’s itching to start up your hands, at least check it out for virustotal , although for the first few days, the latest malware will hardly be detected by antivirus software.
3. Playing on the user's desire to gain access to the desired content
The user is lured to the site of the attacker, under the pretext of access to the content (video, for example), he is offered to download the codec \ driver \ unpacker. Curiosity once again prevails over the mind ...
Protection:
- Never click on such links, much less do not run if you still downloaded. Yes, the installation of a special codec for watching videos, for example, is necessary on some legal sites that embed advertising in a video. Do you need it? It is better to find the same elsewhere.
- Use anti-phishing filters built into modern browsers and antiviruses, do not ignore their warnings.
4. Imitation of live communication
The fact that e-mail and various instant messengers are pouring messages with pleas to send an SMS or poking a link is no surprise to anyone, fortunately, most users have learned not to pay attention to it. Therefore, the villains master new ways.
In January of this year, ICQ users were attacked by Malvari “Piggy.zip” or “ H1N1 ”, which infecting a user's computer, was sent to all of his contacts, moreover, in response to phrases like “what kind of virus is on ... ???” and “You are a bot?”, Quite vopad replied “no, this is a flash drive about a pig, look :)” or “you are a bot =”.
As the code analysis showed, the virus simply searches for the keywords in the message (spammer, virus, bot, etc.) and throws out the phrase in some way correlating with the meaning of the keyword. With all the simplicity of the implementation of "intelligence", this approach proved to be extremely effective! Very many users who considered themselves relatively advanced in the field of computer security were hooked. It is terrible to think what will happen if you embed a normal chat bot in a similar Trojan ... For the sake of justice, it should be noted that the first such case was already in 2005 .
Protection:
- Do not accept files and do not click on links received from unfamiliar contacts.
- When receiving files, even from best friends, pay attention to the suspicious change of style and style of communication, it is better to ask several times to describe the contents of the file.
5. "Road Apple"
Thanks to the total price reduction of various data carriers, in particular flash, an attacker may not regret throwing a disk or a flash drive with a trojan directly on your doorstep. A burning desire to see what is there, most likely, will prevail, the user connects the disk and activates the malware (quite possibly one of the above methods), which the attacker wanted! Sicness has already talked about his experience of throwing up an “apple”.
Protection:
- Check on a separate isolated machine all media arriving in the company from unverified sources.
- If you work in a serious company and “suddenly” find something on the way to work, you should refrain from independent experiments and transfer the carrier to the IT security service for verification.
- On the other hand, if you are an ordinary student or a plumber, it is unlikely that someone will deliberately scatter flash drives in front of you :). Nevertheless, it is better to check the finds for the contents in the virtual machine.
On tip- off Antelle is another method.
6. Operation of User Fears
As a rule, they try to convince a person that his computer is infested with viruses, personal data and passwords are leaked to hackers, spam is allegedly sent from his IP, etc. To solve all the problems, it is proposed to immediately download and install a certain “antivirus” (be careful, many of these “solutions” completely copy the interface of well-known products). After installation, either the system is locked, with the requirement to pay for the “product license”, or simply another file is downloaded to the user's computer with any desired functionality.
Protection
- Never respond to warnings that pop up on various dubious sites that your computer is infected, you are in danger, etc.
- Use only well-known brands of antiviruses, always download distributions exclusively from the official website of the company.
Source: https://habr.com/ru/post/101641/
All Articles