Manual attacks of this nature are common and frequently supported by social networking sites, such as Myspace or Facebook, and have proven to be immensely successful. While both methods involve a high degree of automated mechanisms to support the attack, the primary vector for achieving the installation of the update remains a manual user-directed process, although clicking a link within an IM client or web application may initiate the update. This type of attack has also been conducted using an Instant Messaging virus payload, which harvests the names from a user's contact list and sends instant messages to those users to download and apply the update. One phishing-assisted variation on this attack involves hosting what appears to be a software update, then harvesting actual email addresses for an organization, or generating commonly used email addresses, and then sending spam, phishing, or spear-phishing emails to the organization's users requesting that they manually download and install the malicious software update. Corporate Facebook or Myspace pages make it easy to target users of a specific company or affiliation without relying on email address harvesting or spamming. Thus the attacker has in his or her arsenal a choice of initial attack vectors ranging from traditional SMTP/POP/IMAP spamming and its varieties, to web-application mechanisms which commonly implement both chat and rich HTML messaging within the user interface. Spamming, for example, is a common method employed as an secondary attack vector. Attacks which aim at penetrating a specific network infrastructure often rely upon secondary attack methods to achieve the desired impact. Manual, or user-assisted attacks, vary from requiring the user to download and run an executable, to as streamlined as tricking the user on clicking a single url. Targeted attacks aim at a particular demographic or user population. Untargeted attacks rely upon a mass delivery system such as spamming, phishing, or trojans/botnets to distribute emails or other messages to vast populations of users. Attacks involving malicious software updates can be targeted or untargeted in reference to a population of users, and can also involve manual and automatic means of payload installation. Virtually all software requires frequent updates or patches, giving the attacker immense latitude when structuring the attack, as well as many targets of opportunity. As such the attack employs 'spoofing' techniques augmented by psychological or technological mechanisms to disguise the update and/or its source. Although there are several variations to this strategy of attack, the attack methods are united in that all rely on the ability of an attacker to position and disguise malicious content such that it masquerades as a legitimate software update which is then processed by a program, undermining application integrity. An attacker uses deceptive methods to cause a user or an automated process to download and install dangerous code believed to be a valid update that originates from an attacker controlled source.
0 Comments
Leave a Reply. |