Monday, February 9, 2009

A new hacking Innovation

parkingticket Hackers have always been able to open doors which we never knew existed. Once the right people get to know of these doors, they close it down and then the hacker goes in search for other ways. Why do these highly intelligent minds focus their attention on destruction than creation? May be I should ask a hacker. To be frank, I am impressed by the effort these guys put in.

It is also interesting to see that the vast majority of malware these days relies pretty heavily on social engineering tactics. This goes to show that the modern Operating Systems are actually pretty secure. All those security patches have pretty much paid off. We've come a long way in terms of security since the days of the windows 98 password "protection".

I guess it's hard for a lot of us to remember that security wasn't even considered an issue in the early days of computing. Way back then, we were all completely focused on getting the damn things to share stuff, not prevent them from doing so.  Well, my post has nothing to do with why hackers do it. It’s just about a new technique they have used. Read on…

Hackers are using fake parking violation warnings to trick motorists into visiting malware-infested websites.

The innovative social engineering trick was pulled off in Grand Forks, North Dakota using windshield fliers with a website address linked to a booby-trapped website. The fliers said:

PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to [website-redacted]

Drivers visiting the website were coaxed into installing a browser helper object (spyware component) for IE. Attempts are also made to frighten or coerce surfers into installing fake anti-virus scanner packages.

Lenny Zeltser, an anti-virus analyst at the SANS Institute, comments: "Attackers continue to come up with creative ways of tricking potential victims into installing malicious software. Merging physical and virtual worlds via objects that point to websites is one way to do this. I imagine we'll be seeing such approaches more often."

SANS has a write-up of the attack, include screenshots and pictures, here. ®

Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)