Less aggressive, more effective: social engineering with paid archives

Sergey Chernyshev Microsoft
Daniel Chipiristeanu Microsoft

The profitability of social engineering malware involving fake security software has inspired the bad guys to invent new money-making schemes at the expense of the ordinary user. Apart from the rogue anti-virus scam, there is another major subclass of socially engineered malware: paid archives. These are less aggressive by nature as they don't infect the system. Instead, they use a more cunning way to trick users into giving them money without using scare tactics - by getting them to pay for software that's otherwise free, or for pirated copies of paid software.

This paper will discuss the social engineering aspect of paid archives and provide in-depth analysis of the whole scheme - how the archives are generated using custom software installers, how users are tricked into buying the software, and how the money is earned and distributed by the bad guys.

 del.icio.us  digg this! digg this

Quick Links

Poll
Should software vendors extend support for their products on Windows XP beyond the end-of-life of the operating system?
Yes - it keeps their users secure
No - it encourages users to continue to use a less secure OS
I don't know
Leave a comment
View 24 comments

SMI Oil and Gas Cyber Security 2014

Virus Bulletin
In this month's magazine:
  • VBSpam comparative review March 2014
  • VB100 comparative review on Ubuntu Server 12.04LTS
  • The shape of things to come
  • Threat intelligence sharing: tying one hand behind our backs
  • The curse of Necurs, part 1
  • More fast or more dirty?
  • Tofsee botnet
  • Back to VBA
  • Is the security industry up to the new challenges to come?
  • Greetz from academe: No place to Hyde
Virus Bulletin 04 2014
Subscribe now!

Virus Bulletin currently has 231,342 registered users.