Goodies to Go ™
September 24, 2001–Newsletter #149
This newsletter is part of the internet.com network.
http://www.internet.com
Please visit https://www.htmlgoodies.com
************************************************************
Greetings, Weekend Silicon Warriors,
I’d like to do a study regarding how many times a
recorded on-hold message should proclaim, “Your call is
important to us. Please continue to hold and our next
available team member will be with you as soon as
possible.” I had the pleasure of being on hold, for long
time, twice this past weekend. On the first call, the line
was said to me once every 30 seconds. The second call
had the line said almost twice as much, about every 15
seconds. Even though the two calls had pretty much the
same on-hold duration, I was more upset with the one that
said the line more often.
Hmmm. I think I’m on to something here.
Did you hear
Take the best parts of the SirCam and Code Red viruses
and you get what’s floating around the Web right now.
The new virus is called W32/Nimda.A-mm and it is
wicked to say the least. The report I read (on Wired.com)
states that this virus can be tooled, in some email
systems, so that even clicking on the subject line or
visiting a Web site noted in the email will set it in motion.
I’d like to say be careful, but if clicking on the subject
will fire it, it’s going to get so many people. I’m going
back to answering my email right off the server. It’s
clunky and text-based, but nothing runs in that
environment.
A new form of hacking is starting to pop up, Patriot
Hackers. These are people that are defacing Taliban and
other sites representing those people the hackers see as
being responsible for the September 11th attack. You
should also keep an eye out for emails that claim to be
about the WTC bombing. The included images and files
may contain viruses.
NetRatings and Nielsen Media Research have released
the findings of a new study that shows Web use by
African-Americans is outpacing overall Internet growth.
The Web has grown 14 percent over the past year while
use by African-Americans rose 19 percent.
Now on to today’s topic
Let the Social Engineering begin!
Here we go again with more concerns over a new virus
that will overrun the Web and destroy all in its path.
Wellmaybe. Then again, maybe this time we’re smart
enough. Maybe this time we’ll catch the tricks and the
cons and this time the virus will stop dead in its tracks.
Nah. This one will get us too. It won’t destroy the earth,
but it will play havoc with a few systems. This one’s
called, “Nimda.” It sounds like a Disney character
doesn’t it? I think it was first seen in the Lion King if
I’m not mistaken.
We keep getting hit again and again with these viruses.
Wow. These virus-making programmers must be
stunning at hacking and cracking, right?
Nope. They are good at something they termed, “Social
Engineering.”
If there were an easy way, and a difficult way, of getting
the same job done, I would guess that most people would
choose the easy way. These virus programmers are just
like anybody else. They like the easy route. It’s hard to
hack into a system. It’s time consuming to find
passwords and get in there and place a virus.
It’s easy to get you to install the virus yourself. That’s
Social Engineering.
It’s a hacker mind game. How can we trick you, one
more time, into opening and running our new virus?
That’s the question to be answered. Answer it correctly
and you…wellwin, I guess.
Super hacker Kevin Mitnick describes Social Engineering
as gaining the trust of another person. In his “day,” he
would get on the phone and call those who knew the
passwords he needed. He knew the lingo. He knew how
to phrase his questions. He would mind game his way
right past any employee concern and kind people would
give him what he needed in a three-minute phone call.
Then he was off to the races.
Today the art of Social Engineering is much more
sophisticated. These emailed and wormed-in viruses
don’t have a soothing, kind voice on the other end of a
phone. They have to carry the persuasion right along
with them.
Think back. Do you remember the ILOVEYOU virus? It
was one of the first emailed viruses to hit it big. Can you
see why? Psychologist Michelle Weil knows why. She
states that the hacker played on the feelings of the reader.
Who wouldn’t want to open a love note? The timing of
the hack was equally as brilliant. It was near Valentines
Day.
That’s some good Social Engineering right there!
What about others? Some offered a funny joke. Others
offered naked pictures of famous celebrities. Others
offered deals on mother’s day gifts. If you hit the right
person and tug on the right heartstring, your email is
opened.
I think the epiphany in terms of hacking and Social
Engineering was when someone figured out how to make
one email program send messages to another without the
user knowing it.
An email that shows up, in your mailbox, from a friend,
is a very hard thing to resist. Let’s have a round of
applause for whoever came up with that one.
Let’s turn it around now.
I stopped by some sites dealing with the psychology of
virus makers and most were in agreement that someone
creates a virus for one, or a combination, of three reasons.
1. To see if it can be done,by them.
It’s a test on one’s skills.
2. To gain status as one who can write the
most “successful” virus.
3. The thrill of the harm it brings.
The same reason someone vandalizes.
That makes sense. It also leads me to believe that when
the Melissa virus clogged up all of the email portals, that
maybe the virus programmer was upset. He created a
virus that was so well designed that it defeated itself. It
blocked its own path to further explosion.
But by then, the program was out there and so was the
name of the programmer that did it. I won’t include it
here.
So here comes Nimda. From what I’ve read to this point,
it’s pretty nasty and it replicates with blinding speed. If it
does what its creator wants, it’ll spread all over the place.
It’ll bring problems all over the Web. And, maybe in his
or her mind at least, we will have brought it on ourselves.
After all, all the programmer did was send it out. You
pulled the trigger.
Right?
As John Lennon sang, “Keep on playing those mind
games.”
>>>>>>>>>>>>>>>>>>>>>.
That’s that. Thanks for reading.
Joe Burns, Ph.D.
And Remember: How about some Beatles trivia since I
mentioned John Lennon just above? I was once asked
who had the first number one hit as a solo artist after the
Beatles broke up. That’s easy. The Beatles broke up,
officially, on April 17, 1970. That’s when Paul
McCartney said he’d had enough. George Harrison then
popped off “My Sweet Lord” which reached number one
in December of 1970.
Lennon wouldn’t have his first number one as a solo
artist until 1974 when “Whatever Gets You Through the
Night” went to the top of the charts. No, “Imagine” was
not a number one song. It peaked at number three.
“Maggie May” by Rod Stewart was the number one song
at the time “Imagine” sat in the top ten.
Ringo hit number one twice in a row. He’s the only solo
Beatle to do that. The first was “Photograph” and then
“You’re Sixteen,” in October and December of 1973
respectively.
Now my favorite piece of solo Beatles trivia, name the
only Beatle to not have a number one hit as a solo artist.
Well, only one’s left, not counting Pete Best. But, you
say, Paul McCartney had a bunch of number one hits.
Well, he wrote and sang a bunch of number one hits after
the Beatles broke up. They are, “Uncle Albert/Admiral
Halsey,” “My Love,” “Listen to What The Man Says,”
“Silly Love Songs,” “With A Little Luck,” and “Coming
Up”.
The problem is that Paul McCartney wasn’t a solo artist.
He was (is) part of the band “Wings.”
Oh, I’ll get some email off of that one, just please don’t
write me and say that the real name of the band was “Paul
McCartney and Wings.” It wasn’t. I don’t care what
your local DJ called the band. The official name was just
“Wings.”