In the past, malware that sought to establish a one-to-one social engineering communication channel with potential victims would crawl the hard drive, and even the web address book, of the infected party, looking for email addresses to mail its own binary to. With the rise of instant messaging, malware authors adapted old techniques such as email harvesting to IM communications by introducing IM screen name harvesting. They positioned the practice both as a product, in the form of segmented email databases of millions of emails already harvested, and as a service, aggregating publicly available profile data to deliver targeted messages, often in the form of phishing, malware-embedded URLs, and spam.

Hitlist-based malware is nothing new; it is malware authors borrowing the spammers' "direct marketing" communication model. And while you cannot change your email account's name, unless of course you're using a disposable or temporary email service, you can easily, and in fact periodically, change your screen name.
IM networks, on the other hand, are slowly adopting a "save the world from the clicking crowd" security awareness model by blocking common malicious file and domain extensions, an initiative that is both applaudable and futile at the same time, given the failure of URL filtering in today's dynamic, user-generated content Web. Go through an informative article by ScanSafe's Dan Nadir with comments on signature-based detection, heuristics, code analysis, code reputation, URL reputation, and traffic behavioral analysis.
Wednesday, October 17, 2007
Thousands of IM Screen Names in the Wild
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com