Slashdot Mirror


Syrian Social Hack Co-Opts Fighter's Computers

hij (552932) writes "The BBC is reporting that Syrian government forces used a social hack to gain access to opposing forces' computers. By acting like women sympathetic to their cause they were able to send images laced with malware to the fighters. From the article: "Fake 'femme fatales' have been used to steal battle plans and other data from Syrian opposition groups, a report suggests. The virtual women had been used in text chat on Skype to engage potential victims, security company FireEye said. And data had been stolen via booby-trapped images of the women to whom the victims had believed they had been chatting.""

3 of 71 comments

  1. who still falls for this picture.jpg.exe nonsense? by Anonymous Coward · Score: 5, Interesting

    A random stranger sends you an executable file and tells you it's their picture. Go ahead, click on it.

    Yeah, seems legit. Come on.

    Anyone who falls for such transparent hacking attempts deserves what they get.

  2. Re:who still falls for this picture.jpg.exe nonsen by mlts · Score: 4, Interesting

    One of my E-mail accounts (relegated to being the spam/swill account with filters to scoop up anything from the sources I might use) that has been around since the 1990s still gets plenty of those, either "foo.jpg.exe" or "foo.jpg .exe" with plenty of spaces between the two.

    Part of why this happens is the Dancing Bunnies hole. The receiver really wanted to see what the sender wanted to send, so ignored common sense.

    I've had this happen, when I thought the other person decided to have an auto-extracting document. Since it wasn't confidential, I uploaded the executable to VirusTotal, found that others had uploaded the same thing; it was a known Trojan. End of story. Had I still been unsure, I'd have put it in a virtual machine that is isolated from any physical network as a sandboxed user with zero privs. This, I do sometimes if I need to download some program from a download mirror, one notorious for wrapping the installer with their own scumware, so I can pull the actual program installer out of the archive. The scumware happily installs and seizes control of the VM, but I then can use the extracted original files on a clean VM after I roll back to a known good snapshot.

    The best defense we have against malware is virtualization. Infecting a machine is relatively easy. Jumping out and nailing the hypervisor or the bare metal... not so much.

  3. Re:who still falls for this picture.jpg.exe nonsen by Anonymous Coward · Score: 2, Interesting

    According to the second link (PDF warning) it was "picture.pif" which was just a renamed self-extracting RAR containing both a photo and a RAT payload.

    Now how many people - nerds included - could tell you what a .pif is off the top of their head? Admit it, plenty of you (myself included) would have to look it up because it's probably not something we encounter every day. The real difference between someone who falls for it and someone who won't is that the latter will think "If I don't recognize it I'm not touching it with a 10-foot pole" and the former goes "PIF sort of resembles PICture, maybe it's a PIcture File? Screw it, I want to see if she's a hottie." So yeah, sadly this kind of bait (with sex) and switch stuff still works and probably won't stop working until our species is extinct.
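
A filename-and-content triage for the lures described in the comments above (`foo.jpg.exe`, the space-padded variant, and the `.pif` that is really a self-extracting RAR), as an added example that is not part of the original thread. The function name, the extension lists and the sample byte strings are assumptions constructed for illustration, and the RAR check is a heuristic.

```python
import re

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "bmp", "pdf", "doc", "txt"}
RAR_MAGIC = b"Rar!\x1a\x07"  # common prefix of the RAR4 and RAR5 signatures


def triage_attachment(filename, data=b""):
    """Return the reasons an attachment looks deceptive (empty list = none)."""
    reasons = []
    parts = [p.strip().lower() for p in filename.strip().split(".")]
    ext = parts[-1] if len(parts) > 1 else ""
    is_exec_name = ext in EXECUTABLE_EXTS

    if is_exec_name:
        reasons.append("executable extension ." + ext)
    # picture.jpg.exe: a passive-looking extension directly before the real one
    if is_exec_name and len(parts) > 2 and parts[-2] in DECOY_EXTS:
        reasons.append("decoy extension ." + parts[-2])
    # "foo.jpg      .exe": whitespace pushes the real extension out of view
    if re.search(r"\s+\.[^.\s]+\s*$", filename):
        reasons.append("whitespace padding before final extension")
    # Content checks: what the bytes are, whatever the name claims.
    if data.startswith(b"MZ"):
        if not is_exec_name:
            reasons.append("PE/DOS header under non-executable name")
        if RAR_MAGIC in data:
            reasons.append("self-extracting RAR (MZ stub with embedded archive)")
    return reasons


# Constructed samples; the byte strings are minimal stand-ins, not real files.
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 16),
    ("foo.jpg.exe", b"MZ" + b"\x00" * 64),
    ("foo.jpg          .exe", b"MZ" + b"\x00" * 64),
    ("picture.pif", b"MZ" + b"\x00" * 64 + RAR_MAGIC + b"\x00"),
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(repr(name), "->", triage_attachment(name, blob) or "no findings")
```
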