[ISN] Warning sounded over 'flirting robots'

From: InfoSec News (alerts@private)
Date: Mon Dec 10 2007 - 23:01:27 PST


Forwarded from: Dude VanWinkle <dudevanwinkle (at) gmail.com>

Didn't see this here, and thought it should be mentioned

http://www.news.com/8301-13860_3-9831133-56.html

By Ina Fried
December 7, 2007

Those entering online dating forums risk having more than their hearts 
stolen.

A program that can mimic online flirtation and then extract personal 
information from its unsuspecting conversation partners is making the 
rounds in Russian chat forums, according to security software firm PC 
Tools.

The artificial intelligence of CyberLover's automated chats is good 
enough that victims have a tough time distinguishing the "bot" from a 
real potential suitor, PC Tools said. The software can work quickly too, 
establishing up to 10 relationships in 30 minutes, PC Tools said. It 
compiles a report on every person it meets complete with name, contact 
information, and photos.

"As a tool that can be used by hackers to conduct identity fraud, 
CyberLover demonstrates an unprecedented level of social engineering," 
PC Tools senior malware analyst Sergei Shevchenko said in a statement.

Among CyberLover's creepy features is its ability to offer a range of 
different profiles from "romantic lover" to "sexual predator." It can 
also lead victims to a "personal" Web site, which could be used to 
deliver malware, PC Tools said.

Although the program is currently targeting Russian Web sites, PC Tools 
is urging people in chat rooms and social networks elsewhere to be on 
the alert for such attacks. Their recommendations amount to just good 
sense in general, such as avoiding giving out personal information and 
using an alias when chatting online. The software company believes that 
CyberLover's creators plan to make it available worldwide in February.

Robot chatters are just one type of social-engineering attack that uses 
trickery rather than a software flaw to access victim's valuable 
information. Such attacks have been on the rise and are predicted to 
continue to grow.

Update 4:10 p.m. PST: Mike Greene, vice president of product strategy at 
PC Tools, said that the company learned of CyberLover's existence 
earlier this week as part of its regular monitoring of IRC chat rooms 
and other places where talk about malware takes place.

Greene said that it is hard to tell how prevalent use of the program is 
in Russia.

"We don't have exact statistics, but I think it's early on," he said.

Greene said that the perceived anonymity of the Internet has 
desensitized people to the fact that information disclosed in an online 
chat can cause real-world damage.

"People are used to not opening attachments or maybe not clicking on a 
link that shows up in their IM," he said. "But this emulates a real 
conversation, so you more are likely to give over personal information, 
click on a link or send your photograph."


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/



This archive was generated by hypermail 2.1.3 : Mon Dec 10 2007 - 23:04:01 PST