Social engineering is defined in Wikipedia as:

the act of manipulating people into performing actions or divulging confidential information

and that's about as good a definition as any I've found - it is short, and accurate - and to be sure, virus and trojan writers, even phishing email senders are very well practiced at social engineering - their holy grail is to get you to give them your personal details - this would be the short-con artists of the 'phishing email' - those emails which pretend to come from your bank, or from Paypal - they direct you to a website that may be an almost perfect copy of your usual login screen - and ask you for your personal details. Many of these will then redirect you to the "password incorrect" page of your REAL bank - so when you enter the details again, you actually get in to you bank and suspect that nothing is wrong! Crafty eh?

Next step down in terms of their direct attack vector, would be the virus writers, browser exploiter and trojans horse writers. These come in a few different forms.

Posted by Greg Hewitt-Long in Adware, Spyware and Trojans at 09:01

The German government is teaming up with ISPs to help its citizens remove malware from their PCs. Microsoft says it welcomes the initiative.

By Emil Protalinski

The German government is planning to establish a malware cleanup helpline for its citizens. Announced last week at the fourth German IT summit in Stuttgart, the project is due to start in 2010. Internet Service Providers (ISPs) will team up with the German Federal Office for Information Security (BSI) as well as eco (Association of the German Internet Industry) to clean consumer systems from botnet infestation. ISPs will track down infected machines by looking for communication with botnet controllers, and then direct users towards a website offering advice on how to remove it. If suggestions on the website don't get the job done (or the site is blocked by the malware), users will be directed to a call center. No funding details were provided (the exact sum contributed by the German government is not being disclosed), though about 40 employees will be taking phone calls and trying to fix problems.

Posted by Greg Hewitt-Long in Adware, Spyware and Trojans at 13:58

In just a couple of weeks you will be out of time to shop online and have that gift delivered in time for the holiday. I expect that there will be a surge in phishing attacks designed to take advantage of the panic factor. You get an email that says something to the effect that there is suspicious activity on your account or that your account will be closed if you don’t update your information, and so on. It may be a PayPal account, a bank account, a credit card account, or even an email account. You panic… I can’t have that account closed now, I have to shop, shop, shop!!!

Stop, Stop, Stop!!! Do not click on that link in the email Do not send your name and password. These are all phishing attacks. If the email was legitimate you could simply type www.paypal.com or www.amex.com, or whatever it is into your browser and log into your account there to see if there is a problem. You can call your bank.

Posted by Greg Hewitt-Long in Adware, Spyware and Trojans at 12:32

The security analytics firm 'Cyveillance' has found that Google search results have significant numbers (hundreds of thousands) of results that can distribute malicious software (malware) to unsuspecting Internet users.

This attack vector is triggered when a Google visitor clicks on a search result and the website attempts to download malware to their computers. The attack method also relies on inattentive webmasters who do not update the software on their sites and often unknowingly provide the material that appears in the search results.

Posted by Greg Hewitt-Long in Adware, Spyware and Trojans at 08:07