The weakest computer security link

By Juraj Malcho

While exploits targeting holes in computer software are on daily order, we are presently seeing a rise in social engineering techniques.

“The fact that we are social creatures predisposes us to become the weakest link in the proverbial security chain.”
-Juraj Malcho

Computer users are relatively easily duped into downloading a slew of malware - ranging from rogue antivirus solutions, bogus applications, free music to adult content. In order to view this content, many of these “apps” require the user to first install a video codec or ActiveX component, which makes the user  into easy prey for encrypted, password-protected threats.
Social engineering, in short, encompasses a set of fraudulent techniques, strongly aided by a psychological aspect, with the aim to trick computer users into performing a desired action.

The human predicament

The issue of social engineering is fast becoming the topic of the day. The fact that we humans are social creatures predisposes us to become the weakest link in the proverbial security chain. The knee-jerk reaction to what we are up against seems to be to push more education and awareness about these types of threats. Many experts, however, are skeptical. Everything related to malicious code is evolving at a phenomenal rate - the code itself, the delivery techniques, and the tricks to dupe users.

Some attacks out there may be quite amateurish, but many bear the signs of professionalism with all the hallmarks of credibility. Phishing scams can be very convincing - often with uncanny resemblance to the original source. Presently, we are seeing ever-more directed attacks, designed to go after specific information. To increase their effectiveness, the ploys often contain an impressive amount of detail, complete with the victim’s intimate personal data.

Storm Worm, aka Win32/Nuwar, is a piece of malware that can be infamously dubbed the present-day master of social engineering.  Its name was inspired by fake pieces of news used during the early stages of the worm’s spreading. In November 2006, when the worm had been distributing in emails, it contained subject heading straight out of an apocalyptical thriller, announcing “Putin and Bush starts NUCLEAR WAR! Check the file!” or “Nuclear War in Russia! Read news in file! ”

After a fierce windstorm had swept across Europe in 2007, the worm was announcing “230 Dead as Storm Batters Europe.” The similarity in the structure of the worm’s variants wasn’t evident in the beginning, thus the new worm was simply dubbed Storm, (Stormworm). Since then, the worm has been using all major world headlines to fill in the subject of spam it sends – and registering a high success rate.

What is interesting about this particular form of malware, compared to similar phishing threats, is its low graphical quality. It’s not that the malware’s authors could not do any better - it’s just that their model   meets the threshold criteria to arouse the curiosity of the target audience.

It is a well known fact that people are drawn to bad news, making this an important psychological aspect behind the attack’s design. Similarly, in light of the financial crisis, people have been caught by scammers using fake news concerning their financial institution. Suddenly, an E-mail would appear announcing “Wells Fargo is buying Wachovia” and you happen to be Wachovia customer. Next thing you know, you are requested to “update your records to help us with the merger.”  Needless to say, many people actually fell for this ploy and volunteered banking information they would often think twice about sharing with their spouse.

Some tips to stay secure

Be suspicious of emails from unknown senders. Use a trusted security solution to scan all e-mail attachments before opening or downloading them. Do not discuss any important information via unsolicited e-mails (or phone calls, for that matter) without verifying first the authenticity of the sender. Know that most legitimate financial institutions will not ask you for sensitive account information via email.

Wishing you safe browsing and e-mailing in cyberspace.

About the author

Juraj Malcho currently works for ESET as Head of Virus Laboratory. He joined the company in March 2004 as a virus researcher, responsible for threat detection and research. He has given presentations at several security conferences, including ISOI and Virus Bulletin, and has been actively participating in AMTSO