Posted by: reformedmusings | January 7, 2009

Yet another reason to pitch Windows

By now, most are familiar with the malware spreading through the social networks like Facebook and Myspace. This one is just the latest in several rounds of malware on these sites using very effective social engineering. The malware only affects Windows machines, but the phishing aspects affects everyone.

Now ZDNet reports that these social engineering-type malware attacks have spread to LinkedIn. Unlike Facebook or Myspace, LinkedIn’s network targets business professionals. LinkIn is one of several sites where colleagues can connect across industries, and job seekers can connect with potential employers. The malware campaign exploits this by created a large number of bogus profiles that mascarade as legit ones, even leveraging Google keywords. LinkedIn warns its users not to accept connections from people they don’t know, so this mitigates the socially engineered attacks. Still, there will always be the 10% that don’t get the word or just have to see a video of some celebrity naked. Sheesh. This is truly a case of our sin finding you out (Numbers 32:23).

Overall, the criminals designed this campaign pretty much like past ones, trying to get the unsuspecting to download and install bogus video players (TubePlayer.ver.6.20885.exe). Of course, if you run Linux, then this doesn’t affect you. Plus, you didn’t pay a small fortune for the priviledge of being targeted for having your sensitive information stolen.

This harkens me back to the X-Files and Fox Mulder’s computer password: trustnoone.

Until Microsoft fundamentally changes the security architecture of Windows, which its customers would probably not tolerate, it will always be vulnerable to these attacks. Only a secure system like Linux, though not perfect, contains inherent security protections at the lowest levels. And did I mention that it’s free, as in free beer?

Advertisements

Responses

  1. Never knew that about Mulder, and I thought I had those characters memorized.

  2. Hi Mark,

    I’ve seen folks on the web say it is either trustno1 or TRUSTNO1. The episode that I remember it from has it all spelled out like I did above. I guess it depends who you believe. But either one fits my point above, so my conscience is clear, as usual.


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Categories

%d bloggers like this: