.

15 December 2007

InfoSec News Subject: [ISN] Warning sounded over 'flirting robots'

Here is a great story from ISN on Tue, 11 Dec 2007 01:01:27 -0600 (CST) - now the bad guys can extract personal info using flirting robots. Talk about paranoia for online dating!

"http://www.news.com/8301-13860_3-9831133-56.html
By Ina Fried, December 7, 2007

Those entering online dating forums risk having more than their hearts stolen. A program that can mimic online flirtation and then extract personalinformation from its unsuspecting conversation partners is making the rounds in Russian chat forums, according to security software firm PCTools.

The artificial intelligence of CyberLover's automated chats is goodenough that victims have a tough time distinguishing the "bot" from areal potential suitor, PC Tools said. The software can work quickly too,establishing up to 10 relationships in 30 minutes, PC Tools said. It compiles a report on every person it meets complete with name, contactinformation, and photos."As a tool that can be used by hackers to conduct identity fraud,CyberLover demonstrates an unprecedented level of social engineering,"PC Tools senior malware analyst Sergei Shevchenko said in a statement.

Among CyberLover's creepy features is its ability to offer a range ofdifferent profiles from "romantic lover" to "sexual predator." It canalso lead victims to a "personal" Web site, which could be used todeliver malware, PC Tools said.

Although the program is currently targeting Russian Web sites, PC Toolsis urging people in chat rooms and social networks elsewhere to be onthe alert for such attacks. Their recommendations amount to just goodsense in general, such as avoiding giving out personal information andusing an alias when chatting online. The software company believes thatCyberLover's creators plan to make it available worldwide in February.

Robot chatters are just one type of social-engineering attack that usestrickery rather than a software flaw to access victim's valuableinformation. Such attacks have been on the rise and are predicted tocontinue to grow.

Update 4:10 p.m. PST: Mike Greene, vice president of product strategy atPC Tools, said that the company learned of CyberLover's existenceearlier this week as part of its regular monitoring of IRC chat roomsand other places where talk about malware takes place.Greene said that it is hard to tell how prevalent use of the program isin Russia."We don't have exact statistics, but I think it's early on," he said.Greene said that the perceived anonymity of the Internet hasdesensitized people to the fact that information disclosed in an onlinechat can cause real-world damage."

People are used to not opening attachments or maybe not clicking on alink that shows up in their IM," he said. "But this emulates a realconversation, so you more are likely to give over personal information,click on a link or send your photograph."


via Aide-mémoire

No comments: