Saturday, February 04, 2006

what is social engineering?

social engineering is the process by which an attacker exploits the social needs and/or desires of people and their behaviours in response to those needs and/or desires in order to engineer an outcome that is favourable to him/her...

basically it's tricking people into doing what you want them to do... a perfect example of this is the vbs/loveletter email worm... it exploited people's need to feel wanted and loved in order to get them to execute the worm... by trying to open what they thought was a message from a secret admirer, they would inadvertently execute the worm which would then send its false promise of love to others...

this is used a great deal in malware - so much so that these days a piece of malware's success in the wild could be considered to depend more on how good its author is at social engineering than on how good its author is at programming...
