Storm and the Future of Social Engineering

Albert writes "Storm shows several key characteristics, some new and advanced. It uses cunning social engineering techniques — such as tying spam campaigns to a current event or site of interest — as well as a blend of email and the Web to spread. It is highly coordinated, yet decentralized — and with Storm using the latest generation of P2P technology, it cannot be disabled by simply 'cutting off its head.' In addition, Storm is self-propagating — once infected, computers send out massive amounts of Storm spam to keep recruiting new nodes."

Self created problem?

Social engineering is often a bit of a self created problem. Look at this (legitimate, yes, I confirmed) email I got today. I reported a very easily reproducible bug, in a internet hosting (for a client) software package. Here is there response:

Hi Eric

Please forward us the username and password that your using so we can login and test this problem

Cheers,

Bruce Renner
Betta Computer Services Pty Ltd
Unit 2 / 55 Tradelink Rd, Hillcrest, 4118
Ph: 3809 2999
Fx: 3809 3999

http://www.bettacomputers.com.au

Note: This message may contain privileged and confidential information that is the property of the intended recipient. The information herein is intended only for use of the addressee. If you are not the intended recipient, then you are requested to return e-mail to Betta Computer Services Pty Ltd and destroy any copies made. Copying or disseminating any of this message is prohibited. Any views expressed in this message are those of the individual sender and may not necessarily reflect the views of Betta Computer Services Pty Ltd.

Re:ZOMG BOTZ

[Magada]

Speaking as someone who's in the business... pretty much, yes. Also, IronPort is on a charm offensive because of the takeover - trying to convince everyone that they won't be less nimble now that they're chained to the big ol' dinosaur in the corner.