Posted by: Robert Westervelt
Rogue Antivirus, social engineering
Attackers are getting better at social engineering because Internet users are ignoring privacy.
Attackers have gotten very good at tricking end users into clicking on links to malicious content and they’re likely to get even better, according to a blog entry this morning in the SANS Internet Storm Center diary.
Rogue antivirus programs have been one of the most successful schemes, according to SANS. The scheme is simple: it involves tricking users into believing that they have been infected with a virus and must download an antivirus program to disinfect their machine.
From the SANS diary entry:
The main reason, however, why rogue AV is so successful is its persistence and amount of details – the web page they use to scare the visitor looks almost exactly like Windows’ Security Center. … It is now not strange that rogue AV programs are infecting so many machines. The devil is in the details, and the attackers made damn sure that all details are here to fool the potential victims.
I used to say that only your mother or grandfather actually clicks on those links, but clearly the attackers have gotten better at using social engineering tactics to easily trick victims into clicking on links. But clearly it doesn’t matter how technology-savvy the younger generation is.
The mountains of data being placed on social networking websites like Twitter, Facebook, MySpace and others are making it easier for attackers to scan and identify victims by location, know their likes and dislikes and understand who their friends, family and coworkers are. The result is terrifying to consider.
SANS’ Bojan Zdrnja points out that persistence has been key to the success of rogue AV. Those behind it have coded it elegantly, Zdrnja says. They also stay on top of current events to get users to click on search engine results leading to malicious Web pages.
The attack takes persistence on the part of the attacker, but it also relies on our complete ignorance of privacy. The use of social networks and the amount of information being shared on the Internet are playing right into the hands of cybercriminals.