Archive | Social Engineering


25 April 2008 | 5,983 views

Chocolate Owns Your Passwords

The same old story: if you ask people for something, they will most likely give it without thinking of the consequences. Even more so if you are a pretty girl, and in this case you offer someone chocolate. Hey, who doesn’t love chocolate? I have to say I don’t love it enough to give out […]


30 January 2008 | 21,379 views

Multilingual Worm Spreads Over MSN Messenger

Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on. The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more […]


15 November 2007 | 4,359 views

Doubleclick Involved in Malware Distribution

We recently reported on thousands of people being hooked by big sites distributing malware, it now seems Doubleclick was the one at fault. It’s a pretty neat trick and a good spin on Social Engineering leveraging on the trustworthy nature of the sites. CNN even? Rogue anti-spyware software that pushes fraudulent PC scans has found […]


07 November 2007 | 3,631 views

Thousands Hooked by Malware from Big Sites

If I recall this is not the first time this has happened, delivering viral payloads via banner ads and flaws in scripting. It seems that malware peddlers are getting more aggressive though, it obviously shows there is actual monetary value in infecting people and stealing their data. A subtle form of social engineering too, by […]


04 July 2007 | 8,984 views

Trojan Mimics Windows Activation Interface – KardPhisher

Recently a new Trojan popped up that mimics the Windows activation interface, phishing for credit card details and even the PIN number. The Trojan itself isn’t particularly advanced technically, it’s mostly just a social engineering attack. Symantec is reporting on a Trojan horse that mimics the Windows activation interface. What they are calling Trojan.Kardphisher doesn’t […]


25 April 2007 | 5,857 views

Social Engineering Gets a Big Jewel Heist

It just goes to show, sometimes the simple things are the most effective. A box of chocolates can defeat all the most hi-tech security systems if you add a little charm. 21 million Euros of diamonds, that’s one hell of a catch. A thief has evaded one of the world’s most expensive hi-tech security systems, […]


14 March 2007 | 6,010 views

Huge Online Loss by Swedish Bank Nordea – Claimed to be Biggest Loss?

A massive online heist; some (like McAfee) claim it’s the biggest ever online sting involving a bank. It comes in at about half a million pounds or $1.1 million USD. Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided […]


20 September 2006 | 42,948 views

Domain Stealing or How to Hijack a Domain

Please note this is an old technique again, just for learning purposes, learn how the old techniques worked and why they worked, then try and discover new ways to do things. Summary The sole purpose of the information contained in this advisory is to point out the flaws in InterNIC’s domain name handling system and […]


30 August 2006 | 177,213 views

How to get Ops and takeover a channel on IRC Hack Hacking

I’ve been spending a lot of time online lately reading all kinds of stupid text files on how to “Takeover Ops Boi!!!”, “eLeEt WaYs To gEt OpS!!!”, “HOW TO GET OPS ON SERVER SPLITS”, etc. We all know none of these things work, at least not for me. They’re either written by morons, or they […]


07 July 2006 | 8,681 views

‘Free’ USB Drives Defeat Company Security

This is an excellent case of Social Engineering; you could also consider it playing on human greed/ignorance/stupidity. Whatever you want to label it really ;) USB drives are a real security risk. We recently got hired by a credit union to assess the security of its network. The client asked that we really push hard […]
