Archive | Social Engineering


30 January 2008 | 21,375 views

Multilingual Worm Spreads Over MSN Messenger

Another MSN worm spreading with the same tactics as usual, “Wanna see my pictures before i send em to facebook?” and so on. The only really interesting thing about this worm is it sends the message in the language of the locale installed on the infected machine, this is pretty intelligent and is much more [...]

Continue Reading


15 November 2007 | 4,352 views

Doubleclick Involved in Malware Distribution

We recently reported on thousands of people being hooked by big sites distributing malware, it now seems Doubleclick was the one at fault. It’s a pretty neat trick and a good spin on Social Engineering leveraging on the trustworthy nature of the sites. CNN even? Rogue anti-spyware software that pushes fraudulent PC scans has found [...]

Continue Reading


07 November 2007 | 3,624 views

Thousands Hooked by Malware from Big Sites

If I recall this is not the first time this has happened, delivering viral payloads via banner ads and flaws in scripting. It seems that malware peddlers are getting more aggressive though, it obviously shows there is actual monetary value in infecting people and stealing their data. A subtle form of social engineering too, by [...]

Continue Reading


04 July 2007 | 8,972 views

Trojan Mimicks Windows Activation Interface – KardPhisher

Recently a new Trojan popped up that mimics the Windows activation interface, phishing for credit card details and even the PIN number. The Trojan itself isn’t particularly advanced technically, it’s mostly just a social engineering attack. Symantec is reporting on a Trojan horse that mimics the Windows activation interface. What they are calling Trojan.Kardphisher doesn’t [...]

Continue Reading


25 April 2007 | 5,824 views

Social Engineering Gets a Big Jewel Heist

It just goes to show, sometimes the simple things are the most effective. A box of chocolates can defeat all the most hi-tech security systems if you add a little charm. 21 million Euros of diamonds, that’s one hell of a catch. A thief has evaded one of the world’s most expensive hi-tech security systems, [...]

Continue Reading


14 March 2007 | 5,988 views

Huge Online Loss by Swedish Bank Nordea – Claimed to be Biggest Loss?

A massive online heist, some (like McAfee) claim it’s the biggest ever online sting involving a bank, it’s comes in at about half a million pounds or or $1.1 million USD. Using some l33t0 custom trojan, it seems to be more a case of lack of education and the whole situation could have been avoided [...]

Continue Reading


20 September 2006 | 40,863 views

Domain Stealing or How to Hijack a Domain

Please note this is an old technique again, just for learning purposes, learn how the old techniques worked and why they worked, then try and discover new ways to do things. Summary The sole purpose of the information contained in this advisory is to point out the flaws in InterNIC’s domain name handling system and [...]

Continue Reading


30 August 2006 | 172,817 views

How to get Ops and takeover a channel on IRC Hack Hacking

I’ve been spending a lot of time online lately reading all kinds of stupid text files on how to “Takeover Ops Boi!!!”, “eLeEt WaYs To gEt OpS!!!”, “HOW TO GET OPS ON SERVER SPLITS”, etc. We all know none of these things work, at least not for me. They’re either written by morons, or they [...]

Continue Reading


07 July 2006 | 8,666 views

‘Free’ USB Drives Defeat Company Security

This is an excellent case of Social Engineering, you could also consider it playing on human greed/ignorance/stupidity. Whatever you want to label it really ;) USB drives are a real security risk.. We recently got hired by a credit union to assess the security of its network. The client asked that we really push hard [...]

Continue Reading


26 June 2006 | 5,072 views

US Veterans Information Leaked on The Web

Another HUGE information leak from the US government, seems they can’t help themselves. Or perhaps people are just ramping up the efforts against them.. The Navy has begun a criminal investigation after Social Security numbers and other personal data for 28,000 sailors and family members were found on a civilian website. The Navy said Friday [...]

Continue Reading