Attackers persuade users to infect themselves
The Sans Institute has uncovered more evidence that internet attackers don't necessarily need any clever technical tricks to plant malicious software on users' systems -- an understanding of psychology will do just as well.
In a bulletin on Friday, Sans' Internet Storm Center (ISC) described a website that led to several users mysteriously becoming infected with malware. Part of the mystery, according to ISC handler Bojan Zdrnja, was that the site didn't use the nearly universal technique of an iframe, which allows exploit code to be siphoned in from another website.
"It's pure social engineering -- the user is actually encouraged to install the malware himself," Zdrnja wrote.
He said the site -- which is related to the game RuneScape -- shows some broken icons and links to a page that informs the user that his version of Macromedia Flash Player needs to be updated.
"After this notice, the user is redirected to a web site hosting a complete replica of the Shockwave Player Download Center," Zdrnja wrote. All the links on this page lead to Adobe's website except for the "install" link.
As a precaution, the page also uses JavaScript to disable right-click actions. Users download the malware themselves via an installer that most virus scanners had difficulty detecting, Zdrnja said.
He said the site demonstrates that attackers can infect users merely by lulling them into a false sense of security. "Technically this attack wasn't even worth the diary, however, the appearance could probably fool a lot of users," Zdrnja wrote.
The attackers didn't even bother to conceal the non-Adobe web address of the download page -- but because the page looks genuine, most users wouldn't even think to check the address bar, Zdrnja pointed out.
"Would SSL help here? Yes, but again only if users pay attention, and in this case they would first have to be trained to check for it when downloading files, and that's another story," he wrote.
» posted by ITworld staff
Techworld.com