There’s an "Avi Ben Stella" message going around about a kid in a coma. It's obviously a hoax, but it is more than that. It is a social engineering attack aimed at those who Google suspected hoaxes for more information.
How does this attack sucker the cautious? The "Avi Ben Stella" name is unique, so people who Google it will find the "right" web page - a page loaded with malware which will try to auto-download and infect their computer.
Best bet? As with all other messages of this nature, don't "pass it on". But in this case, don't even Google it.
And yes, I found this out the hard way. I first checked Snopes which listed it as “undetermined”. However, this is a new form of attack, and it's a new message, so I then searched Google in depth. I soon I hit a few of the earliest web pages with this key term. When I did, my firewall went into a frenzy, and I had to close the infected web page via the Task Manager.
So now we have it: a social engineering attack that takes advantage of “safe” behavior – Googling before posting or forwarding "to everyone you know". Those who want to play it safe should forego Googling and stick to trusted sites (like Snopes) and search within those sites for more information. It's not as broad a search, but it's safer.
As far as social engineering goes, it's pretty clever. It’s like infecting condoms with aids before they are used - only those who exercise due care are vulnerable.
Incidentally, this "keyword" approach to steering people to a specific web page has been used for years on auction and dating websites to help customers bypass the site's fee system.
© 2009 - Robert Lawton, all rights reserved
Tuesday, August 25, 2009
Subscribe to:
Post Comments (Atom)
THANK YOU! Great info.
ReplyDeleteThanks a lot 4 dat info! That was really needed! Now i'm gonna keep myself cautioned before doin such things!
ReplyDelete