Social engineering – the ultimate malware strategy

Social engineering – the ultimate malware strategy

Posted on July 14th, 2011 by admin

malware tricking users to provide credentials 

If you were a bad guy and wanted someone’s login credentials for their bank account, what would be the easiest way to get them assuming you could do it any way you liked?

Ask them for the details seems like a darn easy way.

Social engineering, tricking people into disclosing secure login details, is very effective way to compromise accounts.  Many current computer viruses look like legitimate programs from known and trusted companies so it is easy to see how some percentage of people willingly provide credit card details to have the malware removed.

Now there is a variant targeting Android phones being used to access bank account information and they are really stealthy.

Teh malware, called Zitmo isn’t new, but this Android variant is.   It has been defeating SMS-based banking two-factor authentication on Symbian, BlackBerry and Windows Mobile for a several months, according to Axelle Apvrille, a senior antivirus analyst and researcher for Fortinet.

The malware lies in wait on the phone until the user starts accessing a bank website.  It then asks for security confirmations or to download an authentication application, posing as the bank, and BINGO – you have been compromised.

As recommended before, NEVER – EVER click on something you are100% sure about.  It is getting more difficult to distinguish between real and fake pop-ups when we scream across the internet clicking through menu options like the hooked-on-data consumers we are.

Read the full article at “Information Week”: