"Take a look at this
< link to malicious program >
Great stuff :-)"
Most recipients click on the link and launch the Trojan. This works because most people trust messages sent by ICQ and don't doubt that the link was sent by a friend. And this is how the Trojan spreads: after infecting your friend's computer, the Trojan will send itself on to all addresses in your friend's contact list, and at the same time will deliver stolen data to its author.
One particular cause for concern is that nowadays even inexperienced virus writers can write such programs and use them in combination with social engineering methods. Below is an example: Trojan-Spy.Win32.Agent.ih, a program written by someone who is not very proficient in English. When launched, the Trojan causes the dialogue window shown below to be displayed:
Figure 2. Dialog window displayed by Trojan-Spy.Win32.Agent.ih
The user is asked to pay just $1 for Internet services - a classic case of social engineering:
- the user is given no time to consider the matter; payment must be made the day the user sees the message;
- the user is asked to pay a very small sum (in this case $1). This significantly increases the number of people who will pay. Few people will make the effort to try and get additional information if they are only asked for one dollar;
- deception is used to motivate the user to pay: in this case, the user is told that Internet access will be cut off unless payment is made;
- in order to minimize suspicion, the message appears to come from the ISP's administrators. The user is expected to think that it is the administrators who have written a program via which payment can be made in order to save users time and effort. Additionally, it would be logical for the ISP to know the user's email address.
Figure 3. Credit card information dialog displayed by Trojan-Spy.Win32.Agent.ih
Of course, even when the user fills in all the fields and clicks on "Pay 1$" no money will be deducted. Instead, the credit card information is sent via email to the cybercriminals.
Social engineering methods are also often used independently of malicious programs, especially in phishing attacks (i.e. attacks targeting customers of banks that offer online banking services). Users receive emails supposedly sent by the bank. Such messages state that the customer's account has been blocked (this is, of course, untrue) and that the customer should follow the link in the message and enter his/her account details in order to unblock the account. The link is specially designed to look exactly like the Internet address of the bank's website. In reality, the link leads to a cyber criminal's website. If account details are entered, the cyber criminal will then have access to the account.