Social Engineering

Malicious people/worms are getting smarter and smarter. We know that they've always made use of social engineering to get people to do stuff like running programs to propagate them or to give money. From email attachments in the past, to phone scams and MSN worms these days.

We could learn a thing or two from these worms even, though it's best not to emulate them by writing worms of your own =)

Following is an excerpt from one of my MSN contacts. The worm has been trying to send out an image file ("conveniently" ZIPped up for you). And when the recipient doesn't respond in a timely manner (like I did), it tries to resend it again saying that he/she has "fixed the mess up"!

Names have been changed to protect the innocent =)

MSN_Contact says (18:03):
omg look at this pic so old!

MSN_Contact sends: (the ZIP file named image24.zip)

You have failed to receive file "image24.zip" from MSN_Contact.

MSN_Contact says (18:09):
sorry about the messup i fixed the pic! Try it one more time pz

MSN_Contact sends: (the same ZIP file named image24.zip)

You have failed to receive file "image24.zip" from MSN_Contact.