Social engineering, a non-technical breach of security that relies heavily on human interaction and tricks users into breaking normal security measures, remains popular among virus writers.
Five years ago today LoveLetter was detected. The worm first appeared in the far east and quickly reached epidemic proportions.
LoveLetter was one of the first, and most notable, examples of social engineering. It arrived as an attachment to an innocent looking e-mail containing the subject line ‘I LOVE YOU’ (and who doesn’t like to receive a love letter?) and the body text ‘Kindly check the attached LOVELETTER coming from me’.
In an effort to put unsuspecting users further off their guard, the attachment had a double extension, LOVE-LETTER-FOR-YOU.TXT.vbs. Since Windows Explorer doesn’t show extensions by default, it was not obvious that the attachment was anything more than a plain text file. For good measure, LoveLetter also used mIRC to spread and downloaded a password stealing Trojan to the infected machine.
Successful threats (from the author’s point of view, that is) typically spawn further variants. LoveLetter’s success, together with the fact that the VBS source code for the worm was easily accessible, led to a large number of variants in the months following its release.
Loveletter showed how useful social engineering can be in spreading malware. So it’s not surprising that it continues to be widely used. Sober.p, which has caused outbreaks in various western European countries, owes some of its success to social engineering. It arrives as an attachment to infected messages which use a range of subject headers, messages and attachment names in both English and German. Some of the messages appear to promise tickets to the World Cup in 2006 – and who wouldn’t want World Cup tickets?