Trusted Website + Social Engineering = Chaos
Who doesn’t use Wikipedia these days? Back in my days at the Academy, research usually consisted of visiting the library to look for relevant books. Then there came CD-ROMs and eventually online versions of Encyclopedias. These, however, came at a cost. Either you bought the CD-ROM or paid a subscription to the online Encyclopedia.
Kids today have it easier. Actually, not just kids, but anyone with information to look for, in general. First stop is usually Wikipedia, the user-contributed and maintained online Encyclopedia that anyone can edit. It’s a wiki, so any person can contribute, and others can make their own changes. If there are inaccuracies, or wrong edits, then moderators can simply revert to old versions.
Amazing, isn’t it?
The problem is that these wikis can also be taken advantage of. A bit of social engineering and some malicious code would create chaos among a community of users. Take for instance the German version of Wikipedia, which was recently the source of troubles for users.
The German version of Wikipedia has been hacked to spread malware to unsuspecting users.
Cleverly using an article about the Blaster worm as cover, they modified the article and placed a link to a so-called ‘fix’, and urged people to download it. Of course, anyone doing so that didn’t have up-to-date anti-virus and anti-spyware protection would have found malware installed onto their machines, instead of malware being taken away.
To make matters worse, the German hackers then spammed the online German community, urging them to visit the Wikipedia site for information on getting rid of the W32.Blaster worm. – IT Wire Australia
Wikipedia is viewed as an authoritative and legitimate site, so spam and phishing blockers (security features that are already built into the latest versions of FireFox and Internet Explorer 7) did not block off the offending site. Gullible users clicked away. Bam! Systems infected!
I guess this reinforces the Trust No One adage. It’s just like the Trojan Horse type malicious softwares of old.
[tags]security, virus, malware, wikipedia, technology[/tags]
