Social Engineering
An essential instrument in the hacker's toolkit for attacking one of the least secure parts of the system.
A worm spreading through the popular WhatsApp messaging platform across Android devices is likely to cause plenty of confusion, even though it doesn't cause much harm. Priyanka changes all contact group names to Priyanka as well as contact names. The malware makes no use of exploits and vulnerabilities and only spreads …
That's old skool malware right there, that is. Remember the good old days when a virus simply gave you the BSOD or deleted the contents of your HD? These days it's all steal-your-bank-details this, and perv-on-you-via-your-webcam that. Dull dull dull. Viruses that did nothing but annoy you in a variety of interesting ways were so much blah-blah things were better in my day etc.
I have been thinking this for years! Viruses like Win32/CIH which brought our entire college network down in 4 hours was an amazing sight to see, though granted it might not have done so had the computers been configured in a slightly better way; Dr Solomon was trying to remove the virus from the hard drive upon detection - but the computers at college had some odd security where one could write to the hard drive but one could not remove a file from the hard drive, and it seems that also applied to Dr Solomon.
The next day a team of engineers were running around the building with "Magic Bullet" on a floppy disk!
Ah the days when viruses were "just because" instead of "gimme all your info"
You've just reminded me of a "virus" someone wrote at college to allow unofficial .ini/exe files to run, otherwise prevented by the system. The brand new P200 computer lab quickly filled with people keen for a 16-player Quake deathmatch! Ah, such joy, especially as most of our home PCs were still of the 386/486 variety, barely able to lift doom off the ground.
Luckily we were caught by an IT guy who was more interested to find out how it had happened, rather than anyone who might have wanted to punish us...
If you want old school it was telling "I want to learn to be a hacker" noobs on IRC to start with flooding 127.0.0.1 and see them drop offline, or (pre-Internet) dropping the BBS modem carrier 5 seconds before the end of a 30min download by a disliked user, and disabling the Zmodem resume function so he had to do it all over again.
No, time hasn't mellowed me. I just have less time.
Or doing the WinNuke thingy. All those Win9x boxes that would BSOD upon receiving a MSG_OOB packet, which made a good case for us to use Linux when telnetting or IRCing to hostile territories.
The interesting thing about WinNuke is that on LAN PCs it would only kill "the internet" (the interface would no longer have IP capabilities until reboot) but on dialup-connected PCs, the OOB packet would cause it to infinitely loop on BSODs and require a reboot. Had this happen to me a few times, before I blocked port 139, installed a patch and then for good measure added a port listener on the thing. Ironically, it was the only way to read the messages the 'h4><><0125' sent with said attack...
"Simply ignoring the dodgy contact request prevents any damage."
And yet it's spreading wildly across Android users, proving that it's not the OS that is the principal vulnerability, but the user.
Remind me again what Android is - it's a Linux variant, isn't it? And we all know that Linux environments are immune to attacks and are the safest in the world. Oh, wait, it's the app. But the app on Apple or Windows doesn't have the problem.
My point - stop bashing the OS and start teaching users safer ways to use them.
Since so many computing devices these days involve neither keyboards nor chairs, we need a new acronym to describe the error condition formerly known as PEBKAC.
Off the top of my head, I submit the admittedly mediocre PEBSAS - Problem Exists Between Screen And Sky. But I'm sure all the BOFHs among the commentards here can do a lot better. Suggestions in reply to this comment are eagerly awaited...