One thing I really like about Linux (and by extension, Mac OS-X) is that it is relatively safe from the ravages of social engineering attempts - most of the “click on me, tee-hee” stuff that marks the lot of nasty malware-hiding spams is either geared to the Windows x86 environment (which a lot of folks run using full administrator rights - BAD!!) or requires a user to execute the malware-activating code.
Of course, it is possible to do the same with OS-X or Linux, but the probability of successfully running the malware decreases with the tendency of Linux/OS-X to require root access as well as (in Linux) to make the script executable. There is the odd chance that one might find himself linking to a bad/untrustworthy Debian repository or flagging a file as executable, and/or running a untrustworthy shell script with SUDO… but all of that tends to take a little more effort than simply clicky-on-the-pretty-link many folks are accustomed to.
All of the extra keystrokes which Linux tends to require to setup and run a new program generally is sufficient to make a person consider and reconsider exactly what it is that he or she is doing, where as the one-time Windows click gives you maybe three nanoseconds of “Hanging Coyote Time“, where you realize that you’ve potentially just made one heck of a big boo-boo.
This is why I tend to only use my Linux box to check the several mail accounts that I have, as well as do my general web surfing.
But then, there’s my work computer - where I am forced by the kindness of Uncle Sam to use BillyWare (in this case, Windows XP).
Ah, the work computer. Supposedly protected by a nearly impenetrable wall of defenses, virus scanners, and Exchange server filters managed by a bunch of high-foreheaded spectacle wearing folks in a well-fortified place *somewhere in the USA*.
Which brings me to the meat of today’s post: The “E-Greetings” Spam.
Ordinarily, our Exchange server does a terrific job of catching spams - but lately we’ve been getting a lot of these:
I’ve already deleted two or three dozen of these, and suspect that someone or three in our rather large Active Directory has probably compromised themselves with whatever worm/payload that one of these mails triggers by opening the mail and clicking the link inside… thus making our entire AD vulnerable to these annoying (and potentially damaging) spams.
This is classic social engineering, and at least three of the variations (particularly the one marked from “You have received an egreeting from a [insert generic acquaintance such as classmate/co-worker/etc.]” spam which has been linked to a keylogging malware. Great for grabbing passwords and other confidential info.
It’s really effective too, in that it works off of a conditioning that some people (myself included) may have had from getting and sending e-cards from vendors like BlueMountain or Ynot!. (These e-cards are exceptionally popular in Japan, as well).
Some folks out there in virus-writing land never tire of trying to get into (your) data… and sadly, it will create havoc for an otherwise innocent industry of digital greetings, until those vendors come up with a more secure way of delivering their content. HTTPS comes to mind, but it all boils down to trust, and a small dose of common sense, especially when using with Windows and/or native MS products:
One must always be vigilant and even a tad paranoid when opening up email or attachments - and it never hurts to send an email or text/call your friend to be sure he or she sent it in the first place.