Socially Engineered Viruses

What the heck is a socially engineered virus? “Social engineering” means that the author of a particular virus or computer attack has designed their “product” so it relies on end users taking a specific action in order to deliver the “payload” or release the malicious code into the computer operating system. The author is trying to socially engineer, or change, user behavior.

The Bugbear email virus is an example of a socially engineered virus which infected hundreds of thousands of computers worldwide. The UK, Australia and the US were worst affected, but the virus emerged in 100 different countries. The virus arrived in an email appearing to come from a friend (e.g. via a spoofed address) and had an attachment that looked okay, encouraging users to double-click on it and thereby become infected.

The virus was difficult to spot because the email had more than 50 different subject lines, many of which seemed plausible, such as “Market Update Report”, “Announcement”, “Scam Alert” and “Membership Confirmation”.

The Bugbear virus has a vicious payload. It can compromise secure transactions and passwords, make computers vulnerable to hackers, disable anti-virus software and distribute potentially confidential emails. The virus replicates itself at a rapid rate. It is so active that computer users have received emails, seemingly from themselves, containing the virus. That would be funny if it weren’t so dangerous!

The Bugbear virus infects computers running the Windows operating system and an unpatched version of Internet Explorer 5.5. The software problem was patched by Microsoft almost 2 years ago, but some users still have not updated their computers. And it is still in circulation, even though most anti-virus programs have good protection from it. That’s because of all the end-users out there who do not update their virus definitions regularly, or at all.

Another example of a socially engineered virus was one which arrived as a warning about a virus circulating the Internet, and suggested that the recipient distribute the mail to everyone on their network. At countless organizations this led to a well-intentioned but poorly trained employee forwarding the infected email to everyone in the organization.

And yet another example was a very prolific email which had a subject of “Resign” and read something to the effect:

Dear user of e-mail server “”, Your e-mail account will be disabled because of improper usage in the next three days. If you are still wishing to use it, please, resign your account information. Further details can be obtained from the attached file.

I can almost hear the panic in the recipient’s mind as they immediately click on the attachment to find out more, only to infect their computer.

Hackers and other makers of scumware are actually beginning to employ people with psychological training to assist them in designing more advanced socially engineered messages. Their only objective is to get you to intentionally open the email and attachment in order to deliver the payload and unleash the virus.

The most recent socially-engineered delivery system is just now being reported in CNet News. It is targeting fantasy soccer league fans, luring them with an offer of Excel spreadsheets to track the performance of their team.

The XF97/Yagnuul-A virus can infect users’ .xls spreadsheets once the attachment is opened. The virus deploys an infected fantasy league file on the computer’s hard drive and may also modify a user’s data, according to an alert Monday from security company Sophos.

Don’t fall victim yourself. But more than that, make sure your employees, or others in your household, are properly educated as well. Always be sure to promptly install patches to update your operating software and application software. And keep your anti-virus definition sets up to date. Mine updates hourly throughout the day automatically, with no action required on my part.

