Social Engineering exploiting Olympics Games 2010
As usual, the social engineering techniques are a fundamental pattern for attacks of any kind and magnitude.
From this perspective, any news in a few minutes covering the media more important globally, or any event whose importance is known to people from all over the world, is an object in power to exploit his image with fraudulently the intention of spreading malware.
The Olympic Games 2010 to be developed in the Canadian city of Vancouver, is one of those events in which security professionals sharpen their senses because they know perfectly well that any campaign will find uses as an excuse to spread this event.
Under this premise, and began to spot the early signs. Here is a website exclusively created to spread malware, and whose vision is very similar to the actual page of the Olympic Games 2010.
Here we can see a screenshot of the actual page and false respectively, which notes that in addition to visual social engineering strategy employed, an important part of the deception lies in the domain name, namely:
From this perspective, any news in a few minutes covering the media more important globally, or any event whose importance is known to people from all over the world, is an object in power to exploit his image with fraudulently the intention of spreading malware.
The Olympic Games 2010 to be developed in the Canadian city of Vancouver, is one of those events in which security professionals sharpen their senses because they know perfectly well that any campaign will find uses as an excuse to spread this event.
Under this premise, and began to spot the early signs. Here is a website exclusively created to spread malware, and whose vision is very similar to the actual page of the Olympic Games 2010.
Here we can see a screenshot of the actual page and false respectively, which notes that in addition to visual social engineering strategy employed, an important part of the deception lies in the domain name, namely:
Real Website - http://www.vancouver2010.com
In this instance, when the user accesses the fake page instead of automatically display the video presentation, is the alleged error in the flash plugin, offering to download a binary called flash-plugin_update.45125 (MD5:45E21E0CDA8D456B26D1808D4ACB76B0) which is a malware with a very low detection rate.
The website is hosted on a German ISP, the IP address 188.40.84.202. However, the executable is downloaded from electricmediadata.com (67.15.47.189) housed in ThePlanet under ASN21844; identified as:
- Botnet C&C servers
- Phihing servers
- Spam servers
- Malware servers
Although this scenario at present not surprising, since it's well known that in the process of propagation/infection there is always an important element of deception, malware infection rate during the initial stage of propagation vector used as engineering social policy, remains very high.
This leads to two questions for anything trivial. First, the social engineering techniques are a key condiment spread processes don't go out of fashion, and on the other, depending on this and, especially taking into account their high impact in the level of effectiveness, it seems that there is a very poor culture in prevention, or is that... the processes of awareness simply not enough?
This leads to two questions for anything trivial. First, the social engineering techniques are a key condiment spread processes don't go out of fashion, and on the other, depending on this and, especially taking into account their high impact in the level of effectiveness, it seems that there is a very poor culture in prevention, or is that... the processes of awareness simply not enough?
Related Information
Visual social engineering to spread malware
Deception techniques that do not go out of style
Ingeniería Social visual y el empleo de pornografía como vector de propagación e infección II
Ingeniería Social visual y el empleo de pornografía como vector de propagación e infección
Jorge Mieres
0 comentarios:
Post a Comment