When malware creators use social engineering techniques, they can lure an unwary user into launching an infected file or opening a link to an infected website. Many email worms and other types of malware use these methods.
The cybercriminal will aim to attract the user’s attention to the link or infected file – and then get the user to click on it.
Examples of this type of attack include:
Links to infected sites can be sent via email, ICQ and other IM systems – or even via IRC Internet chat rooms. Mobile viruses are often delivered by SMS message.
Whichever delivery method is used, the message will usually contain eye-catching or intriguing words that encourage the unsuspecting user to click on the link. This method of penetrating a system can allow the malware to bypass the mail server’s antivirus filters.
P2P networks are also used to distribute malware. A worm or a Trojan virus will appear on the P2P network, but will be named in a way that’s likely to attract attention and get users to download and launch the file – for example:
In some cases, the malware creators and distributors take steps that reduce the likelihood of victims reporting an infection:
Victims may respond to a fake offer of a free utility or a guide that promises:
In these cases, when the download turns out to be a Trojan virus, the victim will be keen to avoid disclosing their own illegal intentions. Hence, the victim will probably not report the infection to any law enforcement agencies.
Another example of this technique was the Trojan virus that was sent to email addresses that were taken from a recruitment website. People that had registered on the site received fake job offers – but the offers included a Trojan virus. The attack mainly targeted corporate email addresses – and the cybercriminals knew that the staff that received the Trojan would not want to tell their employers that they had been infected while they were looking for alternative employment.
In some cases, cybercriminals have used complex methods to complete their cyberattacks, including:
When malware creators use social engineering techniques, they can lure an unwary user into launching an infected file or opening a link to an infected website. Many email worms and other types of malware use these methods.