Social engineering methods used to spread malware

    Recently, social engineering has become one of the most effective ways to spread malware. As practice shows, holes in software get closed sooner or later, but in users' heads things are not so rosy ...

    For example, not so long ago Microsoft released a patch that disabled autorun from flash drives, and many antivirus products have adopted a ban on the autorun.inf file. It would seem that this should stem the wave of malware that uses removable disks for distribution. But no! Why..? Innate curiosity pushes people to many rash acts. Since the file can no longer be started automatically, the user must be made to do it!

    I have tried to group the most common social engineering methods that cybercriminals use to spread malware and to give some protection tips.

    1. Substitution of the file icon

    The executable file is disguised as a folder, a legitimate application, or a document of some type by giving it the corresponding icon. A user in a perpetual hurry clicks it with the mouse and launches the file.

    • Get into the habit of using a file manager such as Total Commander.
    • If you still use Windows Explorer, work in the details view and pay attention to the file type before clicking a file (especially when working with files from removable and network drives).

    2. Intriguing file name

    The executable file is given an intriguing name that prompts the user to run it (for example, “Do not open .scr”).

    • A competent user should immediately be suspicious of such names. Check the file type in the file manager; if it is *.exe, *.scr, *.bat or *.vbs, it is better not to touch it.
    • If it is an executable file and your hands itch to run it, at least check it on VirusTotal, though during its first few days fresh malware is hardly detected by any antivirus.
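    As an added example (not code from the original article), the following Python script performs the checks from sections 1 and 2 over a directory, the way one might inspect a removable drive on an isolated machine before touching anything on it: it flags files with executable extensions, document-looking double extensions such as report.pdf.exe, files whose bytes are a Windows PE executable even though the name (and icon) says otherwise, and the presence of autorun.inf. The extension lists beyond those the article names, the sample files the script builds and the minimal PE header it writes are constructed for the demonstration.

```python
import os
import struct
import tempfile
from typing import Dict, List, Optional

# Extensions the article names as executable, plus a few other common Windows
# executable types added here as an assumption for the demonstration.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".bat", ".vbs", ".com", ".pif", ".cmd"}
# Extensions a harmless-looking double extension typically borrows (constructed list).
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".png", ".txt", ".avi", ".mp4"}


def is_pe_file(data: bytes) -> bool:
    """Return True if the bytes start like a Windows PE executable.

    Checks the 'MZ' DOS stub, reads e_lfanew at offset 0x3C and verifies
    the 'PE\\0\\0' signature there. The first few KB of a file are enough.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify_name(name: str) -> List[str]:
    """Reasons why the file NAME alone looks suspicious (section 2 of the article)."""
    reasons = []
    lower = name.lower()
    root, ext = os.path.splitext(lower)
    if ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {ext}")
        inner_ext = os.path.splitext(root)[1]
        if inner_ext in DOCUMENT_EXTENSIONS:
            # "report.pdf.exe": Explorer with hidden extensions shows "report.pdf"
            reasons.append(f"document-looking double extension {inner_ext}{ext}")
    if lower == "autorun.inf":
        reasons.append("autorun.inf present (removable-media autostart)")
    return reasons


def scan_directory(root: str) -> Dict[str, List[str]]:
    """Walk ROOT and map relative path -> reasons for every suspicious file."""
    findings: Dict[str, List[str]] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = classify_name(name)
            with open(path, "rb") as fh:
                head = fh.read(4096)
            ext = os.path.splitext(name.lower())[1]
            # Section 1: icon substitution. The icon lives inside the PE itself, so
            # checking the content catches a PE no matter what the name/icon claims.
            if is_pe_file(head) and ext not in EXECUTABLE_EXTENSIONS:
                reasons.append("PE executable content under a non-executable name")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def fake_pe_bytes() -> bytes:
    """Constructed, non-runnable PE-like header used only for the sample files."""
    header = bytearray(0x44)
    header[0:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)  # e_lfanew -> offset 0x40
    header[0x40:0x44] = b"PE\x00\x00"
    return bytes(header)


def build_sample_media(target: Optional[str] = None) -> str:
    """Create a constructed 'found flash drive' layout and return its path."""
    target = target or tempfile.mkdtemp(prefix="found_drive_")
    samples = {
        "Report.pdf.exe": fake_pe_bytes(),   # double extension + executable
        "Photos": fake_pe_bytes(),           # PE with no extension (folder-icon trick)
        "autorun.inf": b"[autorun]\r\nopen=Photos\r\n",
        "readme.txt": b"just text\n",
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 64,
    }
    for name, content in samples.items():
        with open(os.path.join(target, name), "wb") as fh:
            fh.write(content)
    return target


if __name__ == "__main__":
    media = build_sample_media()
    for rel, reasons in sorted(scan_directory(media).items()):
        print(f"{rel}: {'; '.join(reasons)}")
```

    Run it against a real mount point by calling scan_directory("E:\\") or similar; the content check is what matters most, since a hidden extension or a borrowed icon changes nothing about the bytes on disk.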

    3. Playing on the desire of the user to access the desired content

    The user is lured to the attacker's site and, under the pretext of accessing content (a video, for example), is invited to download a codec/driver/unpacker. Curiosity once again prevails over reason ...

    • Never follow such links, and above all do not run what you downloaded if you did anyway. Yes, installing a special codec to watch a video is required on some legitimate sites that embed ads in the video. Do you need it? Better to find the same thing elsewhere.
    • Use the antiphishing filters built into modern browsers and antiviruses, and do not ignore their warnings.

    4. Imitation of live communication

    That e-mail and the various instant messengers are flooded with messages begging you to send an SMS or click a link surprises no one; fortunately, most users have learned to ignore them. So the villains are mastering new ways.
    In January of this year, ICQ users were attacked by the malware “” or “H1N1”, which infected a user's computer and sent itself to all of his contacts; moreover, to phrases like “what kind of virus is this ... ???” and “are you a bot?” it answered, quite inappropriately, “no, this is a flash drive about a pig, look :)” or “you are a bot =”.


    As the code analysis showed, the virus simply looks for keywords in the message (spammer, virus, bot, etc.) and replies with a canned phrase loosely related to the keyword. For all the simplicity of this “intelligence,” the approach has proven extremely effective! Many users who considered themselves fairly advanced in computer security were hooked. It is scary to think what will happen if a proper chat bot is embedded in such a trojan ... In fairness, it should be noted that the first such case was back in 2005.

    • Do not accept files or follow links received from unfamiliar contacts.
    • When receiving files, even from your best friends, pay attention to any suspicious change in style and manner of communication; it is better to ask a few more times what the file contains.

    5. "Road apple"

    Since storage media, flash drives in particular, have become so cheap, an attacker will not hesitate to drop a disk or flash drive with a trojan right on your doorstep. A burning desire to see what is on it will most likely prevail: the user plugs in the drive and activates the malware (quite possibly via one of the methods above), which is exactly what the attacker was after! Sicness has already described his experience of dropping an apple.

    • Check all storage media that arrive at the company from unverified sources on a separate, isolated machine.
    • If you work in a serious company and “suddenly” find something on the way to work, refrain from experiments of your own and hand the medium to the IT security service for verification.
    • On the other hand, if you are an ordinary student or a plumber, it is unlikely that anyone will deliberately drop flash drives in front of you :). Still, it is better to check such finds in a virtual machine.

    Antelle's tip is another method.

    6. Exploitation of user fears

    As a rule, the attacker tries to convince the user that his computer is teeming with viruses, that his personal data and passwords are leaking to hackers, that spam is allegedly being sent from his IP, and so on. To solve all these problems he is invited to immediately download and install a certain “antivirus” (be careful: many of these “solutions” copy the interface of well-known products exactly). After installation, either the system is locked with a demand to pay for the “product license”, or further malware with whatever functionality is simply downloaded to the user's computer in batches.

    • Never react to warnings that pop up on various dubious sites saying that your computer is infected, that you are in danger, etc.
    • Use only well-known antivirus brands; always download distributions exclusively from the vendor's official website.
