(Photo courtesy of brykmantra at Flickr)
Using a badge of authority to lure victims is nothing new in social engineering circles. I've written about instances, where law enforcement agencies and the IRS have been used to hook victims for all kinds of sinister purposes.
Another badge of authority frequently used is security software. Historically, a victim was required to download something to become infected. This isn't completely the case anymore -- with advancements in hacker techniques -- all a person has to do is to visit an infected site to make their system become sick.
Of course, the less technical versions (requiring a person to click on something) are still out there, also.
Just the other day, John Leyden (Register) reported that an Indian antivirus site, AVSoft technologies was infecting unsuspecting visitors with the Virut virus. This virus opens a "backdoor on infected PCs, allowing hackers to download and run other malware (or anything else they fancy) onto infected computers," according to John.
In case anyone want more information on the Virut virus, Symantec's definition can be seen, here.
Recently, I also read a post by Alex Eckelberry at the Sunbelt blog, which showed that affiliates of reputable security software companies were spreading malware:
We’ve seen a number of examples lately of legitimate security companies being advertised through malware.Alex finished his post with a sage comment for his peers:
It is important to note that this advertising is not from the companies themselves. It’s coming through affiliates (meaning, people who make commissions sale they refer).
Affiliate programs are a great way to spread the word on your product, but they need to be monitored carefully for abuse.Technology changes all the time, but the lures used to attract the unwary seem to remain the same. Interestingly enough, some of the same lures have been used for hundreds of years and will probably still being used long after this blog has been deleted by a search engine.
Alex's post, along with some interesting (educational comments) from people within the industry, can be seen, here.