Forwarded from: Dude VanWinkle <dudevanwinkle (at) gmail.com> Didn't see this here, and thought it should be mentioned http://www.news.com/8301-13860_3-9831133-56.html By Ina Fried December 7, 2007 Those entering online dating forums risk having more than their hearts stolen. A program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners is making the rounds in Russian chat forums, according to security software firm PC Tools. The artificial intelligence of CyberLover's automated chats is good enough that victims have a tough time distinguishing the "bot" from a real potential suitor, PC Tools said. The software can work quickly too, establishing up to 10 relationships in 30 minutes, PC Tools said. It compiles a report on every person it meets complete with name, contact information, and photos. "As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering," PC Tools senior malware analyst Sergei Shevchenko said in a statement. Among CyberLover's creepy features is its ability to offer a range of different profiles from "romantic lover" to "sexual predator." It can also lead victims to a "personal" Web site, which could be used to deliver malware, PC Tools said. Although the program is currently targeting Russian Web sites, PC Tools is urging people in chat rooms and social networks elsewhere to be on the alert for such attacks. Their recommendations amount to just good sense in general, such as avoiding giving out personal information and using an alias when chatting online. The software company believes that CyberLover's creators plan to make it available worldwide in February. Robot chatters are just one type of social-engineering attack that uses trickery rather than a software flaw to access victim's valuable information. Such attacks have been on the rise and are predicted to continue to grow. Update 4:10 p.m. PST: Mike Greene, vice president of product strategy at PC Tools, said that the company learned of CyberLover's existence earlier this week as part of its regular monitoring of IRC chat rooms and other places where talk about malware takes place. Greene said that it is hard to tell how prevalent use of the program is in Russia. "We don't have exact statistics, but I think it's early on," he said. Greene said that the perceived anonymity of the Internet has desensitized people to the fact that information disclosed in an online chat can cause real-world damage. "People are used to not opening attachments or maybe not clicking on a link that shows up in their IM," he said. "But this emulates a real conversation, so you more are likely to give over personal information, click on a link or send your photograph." __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Mon Dec 10 2007 - 23:04:01 PST