📜 ⬆️ ⬇️

Social engineering methods used to spread malware

Recently, social engineering has been one of the most effective ways to spread malware. As practice shows, the holes in software are closed sooner or later, and in the users' minds things are not so rosy ...

For example, not so long ago, Microsoft released a patch for shutting off autoruns from flash drives. Yes, and many anti-virus products have adopted a ban on the autorun.inf file. It would seem that this should undermine the wave of Malvari, which uses removable disks for distribution. But no! Why..? Innate curiosity pushes people to take many ill-advised actions. If you can not automatically start, you must force the user to do it!

I tried to group the most common social engineering methods that attackers use to spread malware and give some protection tips.

1. Substitution of the file icon

The executable file is masked as a folder, a legitimate application, or a file type using the corresponding icon. A user in a hurry pokes the mouse and launches the file for execution.


2. Intriguing file name

The intriguing name of the executable file, which pushes the user to start it (for example, “Do not open .scr”).


3. Playing on the user's desire to gain access to the desired content

The user is lured to the site of the attacker, under the pretext of access to the content (video, for example), he is offered to download the codec \ driver \ unpacker. Curiosity once again prevails over the mind ...


4. Imitation of live communication

The fact that e-mail and various instant messengers are pouring messages with pleas to send an SMS or poking a link is no surprise to anyone, fortunately, most users have learned not to pay attention to it. Therefore, the villains master new ways.
In January of this year, ICQ users were attacked by Malvari “Piggy.zip” or “ H1N1 ”, which infecting a user's computer, was sent to all of his contacts, moreover, in response to phrases like “what kind of virus is on ... ???” and “You are a bot?”, Quite vopad replied “no, this is a flash drive about a pig, look :)” or “you are a bot =”.


As the code analysis showed, the virus simply searches for the keywords in the message (spammer, virus, bot, etc.) and throws out the phrase in some way correlating with the meaning of the keyword. With all the simplicity of the implementation of "intelligence", this approach proved to be extremely effective! Very many users who considered themselves relatively advanced in the field of computer security were hooked. It is terrible to think what will happen if you embed a normal chat bot in a similar Trojan ... For the sake of justice, it should be noted that the first such case was already in 2005 .


5. "Road Apple"

Thanks to the total price reduction of various data carriers, in particular flash, an attacker may not regret throwing a disk or a flash drive with a trojan directly on your doorstep. A burning desire to see what is there, most likely, will prevail, the user connects the disk and activates the malware (quite possibly one of the above methods), which the attacker wanted! Sicness has already talked about his experience of throwing up an “apple”.


On tip- off Antelle is another method.

6. Operation of User Fears

As a rule, they try to convince a person that his computer is infested with viruses, personal data and passwords are leaked to hackers, spam is allegedly sent from his IP, etc. To solve all the problems, it is proposed to immediately download and install a certain “antivirus” (be careful, many of these “solutions” completely copy the interface of well-known products). After installation, either the system is locked, with the requirement to pay for the “product license”, or simply another file is downloaded to the user's computer with any desired functionality.


Source: https://habr.com/ru/post/101641/

All Articles