April 3, 2012

Beware Social-Engineering Attacks

Last summer, I spent some quality time rebuilding my PC, all because my cat, Chomps, began sneezing. Nothing serious as it turned out, but it sent me running to a favorite pet-health site. And when the site opened in Firefox, a convincing window popped on-screen (see photo). A virus scanner I'd never heard of ("Antimalware Doctor") claimed that my machine was infected with more than a dozen threats. And to clear them, I could click the Remove Threats button.

Yeah, right. I already use two malware scanners: the full subscription version of Symantec/Norton plus the also highly rated (and free) Malwarebytes. They're great at repelling intrusion attempts and viruses in real time, but neither of them had raised a peep over the viruses that Antimalware Doctor was screaming about. So my Racey Radar leaped to Red Alert.

I Googled "Antimalware Doctor" and found that when its window appeared, my computer was already infected by a clever and dangerous "social-engineering attack" - one that waits for its victims to behave like normal human beings. This makes it hard to avoid, even if you're as compulsively suspicious as I am.

Antimalware Doctor had simply waited for me to launch a formerly trusted Web site that it had infected since my last visit. And when I did, I basically opened my computer's back door and said, "Come on in boys!"

Be On the Lookout

Infected Web sites are only one way you can be tricked into compromising your security by just being human. In fact, so many social-engineering tricks exist that your best weapon is probably hyper paranoia. In other words:

  • SecurityTN-April-2-Art.jpgDon't fall for unfamiliar software posing as something trustworthy. The name "Antimalware Doctor," its claim to be a virus scanner and the "scanning" window that it displayed were clever ways to gain unsuspecting victims' trust and alarm them into clicking Remove Threats. As it turned out, if I had clicked anywhere in the Antimalware Doctor window (even on the red "X" to close it), more malware might have streamed into my PC, including keystroke-capture programs to report my account numbers, user IDs and passwords.
  • If any odd window appears on-screen, don't click anywhere in it. Don't even try to close it. Just reboot. You may lose work, but if you frequently save whatever you're doing, you won't lose much.
  • Pay attention to search results. If your browser displays a different-looking or poorly formatted results page, don't click any of its links, buttons or controls. Reboot. You may have pulled in a "redirect" virus that intercepts Web searches and redirects you to its own fake results. (Apple computers aren't immune to this, either.) If you click anywhere in these redirect pages, more malware might flood in.
  • Whether requests come through email, telephone, instant message, Twitter, Facebook or your front door, don't give personal information to people you didn't contact first on your own. Also suspect people claiming to represent organizations you have contacted or might normally trust. A ring of local con artists phoned my town's residents for donations to the "Police Beneficent Retirement Fund." A nice con: Who wants to hang up on the cops? But I did, and kept my bank accounts. Others didn't, and lost theirs. So make "Just say nothing" part of your personal and corporate infosecurity mantra.
  • Be leery of "friending" strangers on social-networking sites or clicking links in social-network pages. Links are easily spoofed and can lead to trouble.

Nobody's Safe

Social-engineering attacks capitalize on the things we do every day: viewing Web pages, clicking HTML links, using window controls.  But Web browsers and malware scanners are getting better at stopping these attacks. As a security sleuth, I do a ton of research. And at least twice a week, Norton/Symantec, Malwarebytes or Firefox alerts me to a link or Web site that's been reported as malicious. A year ago, they didn't do this. So kudos to them.

But social-engineering attacks are still almost unavoidable. That's another reason to use malware scanners and to keep them updated. My two scanners didn't detect Antimalware Doctor when it hit, but they did help me remove infected files afterward and have repelled several attacks since. Keep your browsers updated too. They could block the next infected site that you try to visit.

Next time, we'll explore another huge social-engineering attack tool: your email Inbox. So I'll see you then, right here under my usual dimly lit streetlamp...

Search Webtorials

Get E-News and Notices via Email




I accept Webtorials' Terms and Conditions.

Trending Discussions

See more discussions...

Featured Sponsor Microsites



Please note: By downloading this information, you acknowledge that the sponsor(s) of this information may contact you, providing that they give you the option of opting out of further communications from them concerning this information.  Also, by your downloading this information, you agree that the information is for your personal use only and that this information may not be retransmitted to others or reposted on another web site.  Continuing past this point indicates your acceptance of our terms of use as specified at Terms of Use.

Webtorial® is a registered servicemark of Distributed Networking Associates. The Webtorial logo is a servicemark of Distributed Networking Associates. Copyright 1999-2018, Distributed Networking Associates, Inc.