Friday, November 14, 2008

Social engineering at work

w01f sent me a malicious file that tricks victims into installing malware using social engineering. I tested it in a virtual machine, and it is simple, really.
Victim plays MP3. User is informed that a Codec is needed to listen to the song and is directed to a website to download the missing software. Victim installs "Codec". Wham!!! Victim trojaned.

If you had decent AV software installed and updated, it would have prevented you from downloading the malware. However, there are crappy AV engines that failed to detect this malicious executable.

Don't be fools, people! Always question every piece of software you are prompted to install.