E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants

Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


Source: Katonda

Posted on March 26, 2010

While exploits targeting holes in computersoftware are on daily order, we are presently seeing a rise in social engineering techniques.

Computer users are relatively easily duped into downloading a slew of malware - ranging from rogue antivirus solutions, bogus applications, free music to adult content. In order to view this content, many of these "apps" require the user to first install a video codec or ActiveX component, which makes the user into easy prey for encrypted, password-protected threats.

Social engineering, in short, encompasses a set of fraudulent techniques, strongly aided by a psychological aspect, with the aim to trick computer users into performing a desired action.

The human predicament

The issue of social engineering is fast becoming the topic of the day. The fact that we humans are social creatures predisposes us to become the weakest link in the proverbial security chain. The knee-jerk reaction to what we are up against seems to be to push more education and awareness about these types of threats. Many experts, however, are skeptical. Everything related to malicious code is evolving at a phenomenal rate - the code itself, the delivery techniques, and the tricks to dupe users.

Some attacks out there may be quite amateurish, but many bear the signs of professionalism with all the hallmarks of credibility. Phishing scams can be very convincing - often with uncanny resemblance to the original source. Presently, we are seeing ever-more directed attacks, designed to go after specific information. To increase their effectiveness, the ploys often contain an impressive amount of detail, complete with the victim's intimate personal data.

Stormworm, aka Win32/Nuwar is a piece of malware that can be infamously dubbed the present-day master of social engineering. Its name was inspired by fake pieces of news used during the early stages of the worm's spreading. In November 2006, when the worm had been distributing in emails, it contained subject heading straight out of an apocalyptical thriller, announcing "Putin and Bush starts NUCLEAR WAR! Check the file!" or "Nuclear War in Russia! Read news in file! "

After a fierce windstorm had swept across Europe in 2007, the worm was announcing "230 Dead as Storm Batters Europe." The similarity in the structure of the worm's variants wasn't evident in the beginning, thus the new worm was simply dubbed Storm, (Stormworm). Since then, the worm has been using all major world headlines to fill in the subject of spam it sends and registering a high success rate.

What is interesting about this particular form of malware, compared to similar phishing threats, is its low graphical quality. It's not that the malware's authors could not do any better - it's just that their model meets the threshold criteria to arouse the curiosity of the target audience.

It is a well known fact that people are drawn to bad news, making this an important psychological aspect behind the attack's design. Similarly, in light of the financial crisis, people have been caught by scammers using fake newsconcerning their financial institution. Suddenly, an E-mail would appear announcing "Wells Fargo is buying Wachovia" and you happen to be a Wachovia customer. Next thing you know, you are requested to "update your records to help us with the merger." Needless to say, many people actually fell for this ploy and volunteered banking information they would often think twice about sharing with their spouse.

Some tips to stay secure

Be suspicious of emails from unknown senders. Use a trusted security solution to scan all e-mail attachments before opening or downloading them. Do not discuss any important information via unsolicited e-mails (or phone calls, for that matter) without verifying first the authenticity of the sender. Know that most legitimate financial institutions will not ask you for sensitive account information via email.

CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.

Final Entries

LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Privacy Breaches.

Get WebTrust
Working For
Your Site.