At the beginning of 2006, I discussed the evolving concept of localizing malware attacks :
"By localization of malware, I mean social engineering attacks, use of spelling and grammar free native language catches, IP Geolocation, in both when it comes to future or current segmented attacks/reports on a national, or city level. We are already seeing localization of phishing and have been seeing it in spam for quite some time as well. The “best” phish attack to be achieved in that case would be, to timely respond on a nation-wide event/disaster in the most localized way as possible. If I were to also include intellectual property theft on such level, it would be too paranoid to mention, still relevant I think. Abusing the momentum and localizing the attack to target specific users only, would improve its authenticity. For instance, I’ve come across harvested emails for sale segmented not only on cities in the country involved, but on specific industries as well, that could prove invaluable to a malicious attack, given today’s growth in more targeted attacks, compared to mass ones."
The current "events-based" malware is a good example here. If it were a piece of malware to automatically exploit the targeted PC, then you really have a problem to worry about. Meanwhile, Businessweek is running an interesting article on Why Antivirus Technology Is Ineffective, and stating "white-listing" is the future of malware prevention. Could be, if there wasn't ways to bypass the white-listing technology, or give a "white-listed" application a Second Life -- and of course there are.
In another piece of quality research written by Mike Bond and George Danezis, the authors take us through the temptation stage, monitoring, blackmail, voluntary propagation, involuntary propagation, and present nice taxonomies of rewards and blackmail.
And if you're still looking for fancy stats and data to go through, read this surprisingly well written paper by Microsoft - Behavioural Modelling of Social Engineering-Based Malicious Software. They've managed to spot the most popular patterns - generic conversation, non-english language used, virus alert/software patch required, malware found on your computer, no malware found, account information, mail delivery error, physical attraction, accusatory, current events, and free stuff.
Current events, free stuff, and malware on your computer are the most effective ones from my point of view as they all exploit wise psychological tactics. Current events because the Internet is a major news source and has always been, free stuff, due the myth of "free stuff" on the Internet, and the found malware putting the (gullible) end user in a "oops it was my turn to get a nasty virus" state of mind.
No comments:
Post a Comment