ITBusiness.ca

Cyber criminals get more aggressive with social engineering tactics

by Matt Sergeant

Cyber criminals are more aggressive with their social engineering tactics as evidenced in the September 2011 Symantec Intelligence Report. This month, roughly 72 per cent of all e-mail-borne malware contained aggressive variants of generic polymorphic malware, compared with 23.7 per cent in July and 18.5 per cent in August.

Attackers are exploiting the weaknesses of traditional security preventions by using a variety of strategies to trick users.

With most of today’s printers featuring scan-to-e-mail capabilities, malware authors are becoming more sophisticated in how they target users. Some social engineering tactics are used to send executables in a compressed “.zip” archive through an e-mail that’s disguised as a scanned document from a printer. In some cases, attackers are even able to spoof the sender domain name to match the recipient’s domain, fooling users to believe the message was forwarded from a colleague.

Example of a malicious e-mail disguised as a scanned document sent from an office printer

[September 2011 Symantec Intelligence Report]

In some malware e-mails, cyber criminals are able to change the file extension of an archived file to display it as a “.doc” extension. In other cases, an e-mail subject line is made relevant to the user. E-mail subject lines could read “Banking security update” to “Hello, Erinn online now,” to trick the user into opening the e-mail and clicking on a malicious link.

 

 

 

Examples of subjects used to spread malware

[September 2011 Symantec Intelligence Report]

As intended, these sophisticated and aggressive attack techniques are making it harder to detect malware. Users should always exercise caution when opening e-mails and attachments from unknown senders and flag unusual e-mail confirmations to an IT department, or within applicable e-mail software suites if an option is available to report spam.

To find out more information on what the Canadian government is doing to combat spam, please visit the Web site for the Task Force on Spam.

-30-

 

 

 

Exit mobile version