Combining Social Engineering & Malware Implementation

Cybercriminals often combine social engineering methods with malware implementation techniques in order to maximize the chances of infecting users’ computers.

Examples include:

  • Mimail
    This was one of the first worms designed to steal personal data from users’ online accounts. The worm was distributed as an email attachment, and the email contained text designed to attract the victim’s attention. To launch a copy of the worm from the attached ZIP archive, the virus writers exploited a vulnerability in the Internet Explorer browser. When the file was opened, the worm created a copy of itself on the victim’s disk and then launched itself, without any system warnings or the need for any additional action by the user.
  • Hello
    A spam email with the word ‘Hello’ in the subject line stated ‘Look what they say about you’ and included a link to an infected website. The website contained a script that downloaded LdPinch, a Trojan virus that was designed to steal passwords from the user’s computer, by exploiting a vulnerability in the Internet Explorer browser.