A friend forwarded me a link about a whole new breed of social engineering attack discovered by PC Tools that can actively chat (and flirt) with people in chat rooms, all in the effort to capture personal information. Mike Greene, vice president of product strategy at PC Tools, said they learned about this Cyberlover's existence by monitoring a Russian IRC malware chat room.
The program mimics online flirtation, and is so convincing that most people cannot distinguish between a flirt-bot and a real person. I have always been interested in the Turing Test, which supposes that, if someone can carry on an online conversation with someone else and not tell that who they're talking to is a computer program, then that machine has achieved artificial intelligence.
Who ever knew that the Turing Test would first be broached by a social-engineering cyberscam? Of course, the real Turing Test is conducted by a judge looking for conversational flaws, which is quite different than folks in chatrooms looking for some saucy give and take -- but still, it surprises the hell out of me.
As reported by CNet, the pseudo-lover can offer a range of chat personalities, from 'romantic lover' or 'sexual predator,' or can be used to direct victims to a web site in order to deliver a malware load. The app can establish up to 10 relationships in 30 minutes, and compiles a report on each 'relationship,' complete with name, contact info...whatever info the cyber-duped gives up.
"As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering," PC Tools senior malware analyst Sergei Shevchenko said.
Currently, the heart-killer app is targeting Russian chatrooms, and while Greene could not say how widespread it was being used, he estimated it must still be in the early stages. To counter this, obviously, no one should use their real names in chat rooms, and should never give away personal information with unknown chats.
This could call every IM and chat into question. I mean, who knows if the person who forwarded me this story really was my friend? So be careful out their, clickers.
Leave a comment