Combining Social Engineering & Malware Implementation Techniques

Cybercriminals will often use a combination of social engineering methods and malware implementation techniques – in order to maximise the chances of infecting users’ computers:

• Social engineering methods – including phishing attacks – help to attract the potential victim’s attention.
• Malware implementation techniques – increase the likelihood of the infected object penetrating the victim’s computer.

Examples include:

• Mimail
  This was one of the first worms that was designed to steal personal data from users’ online accounts. The worm was distributed as an email attachment – and the email contained text that was designed to attract the victim’s attention. In order to launch a worm copy from the attached ZIP archive, the virus writers exploited a vulnerability within the Internet Explorer browser. When the file was opened, the worm created a copy of itself on the victim’s disk – and then launched itself, without any system warnings or the need for any additional action by the user.
• Hello
  A spam email – with the word ‘Hello’ in the subject line – stated ‘Look what they say about you’ and included a link to an infected website. The website contained a script that downloaded LdPinch – a Trojan virus that was designed to steal passwords from the user’s computer, by exploiting a vulnerability in the Internet Explorer browser.