Social engineering

Social engineering describes a number of tactics used by crackers, virus/worm creators, the viruses/worms themselves and others who want to gain access to a system with the help of the user. In the realm of self-replicating programs, social engineering is mostly applied to those worms and macros that spread through email, instant messages, peer-to-peer file sharing and other spreading methods that require user authorization.

Most commonly, social engineering exploits people's emotions and their desire to help others. Zhelatin, which created the powerful Storm botnet, had many email subject lines that read like sensationalist newspaper headlines. Some variants of Beagle accuse the recipient of being a spammer and threaten them with legal action, claiming that the details are in the attachment. Other worms have used threats from financial institutions, bill collectors and auction sites.

Love and sex have been common tools of manipulation throughout history, and viruses and worms have used them as soon as email-spreading programs became popular. Melissa started out as a list of porn sites on an adult message board. Chick and Kournikova promise pictures of young female celebrities. The peer-to-peer Kazaa worm Roron copies itself under file names that lead the user to believe they will get pictures of naked women or people having sex. Loveletter famously arrives as a love letter from someone in your address book.

Some self-replicating programs use extremely simple social engineering. Netsky used very minimal social engineering tactics and was extremely successful. Collo pretty much just says "check out this program". Mylife uses a mildly funny email text.
