Mydoom.A.worm: social engineering aimed at network administrators
To get users to open unsolicited mail, virus writers often employ a technique generally referred to as social engineering. This term is something of a euphemism for what could be called plain trickery, i.e. using some kind of message to attract users' attention.
One all-time classic example was the virus Loveletter. Around May 2000, it spread across the world by convincing users to open an e-mail message supposedly containing a love letter. As all too many people will remember, the trick did the job. Hundreds of thousands, if not millions of users opened the message, no matter how improbable the source of the carte d'amour - the CEO, the washing powder rep, or the girl next door. And even though the message was always in English, users in hundreds of countries around the world fell for it. So with just a little bit of common sense, many could have avoided falling victim to the worm. But unfortunately, curiosity got the better of them... and we know what it did to the cat!
However, these tactics are not always successful. When users are really switched on, no amount of cunning will suffice, as any message of this sort will arouse suspicion and cause the user to take the necessary security precautions. But what if the worm is specifically designed to trick those who are most wise to the typical bait used by virus creators?
The Mydoom.A worm is such a case. With a simple subject and message text that appear to be a warning about a corrupt e-mail, the effect has been frightening. Why wouldn't an expert user open an error message from the e-mail server?
In this case, the new worm takes advantage of the superior knowledge of network administrators or expert users. These experts, who obviously wouldn't fall for the bait of a pornographic photo or the like, have naturally wanted to look into an error message about a corrupt e-mail.
To make things worse, if the person who opens the message is the network administrator, the virus will be able to access many more files than if it were a normal user, as the administrator will normally have total privileges. The implications are disastrous. There's no point in having a fantastic security barrier if one point in the chain is broken, especially when it's the theoretically strongest link in the chain - the system administrator.
It is often said that the level of security of a system is that of its weakest link. Even though in many cases potential security holes are covered technically, training users at all levels is another matter entirely - despite continuous calls to draw attention to the importance of the issue.
When a global security project is implemented across a company's networks, reaction to an incident doesn't usually include training the user responsible. If the error were to occur in a router, the router would be updated with the necessary patches to avoid a repetition of the incident. But when the user is the cause, it is not customary for the person to be given a training or refresher course.
In many cases simply warning users to leave their curiosity to one side when enticing messages appear in their inbox would be sufficient, but now it has gone one stage further: network administrators have to be just as alert with error messages as users with pornographic photos. It's simply a question of security.
Fernando de la Cuadra
International Technical Editor
Panda Software (http://www.pandasoftware.com)
E-mail: Fdelacuadra@pandasoftware.com