07 February 2012

Social Engineering Yourself A BotNet

Not too long ago the announcement about an Internet Sponsorship Law, SOPA, basically caused the Internet to blow up with people voting, supporting, and showing how much they disliked this proposed bill. The way the “Internet Community” came together is a lesson in mass influence itself, but we are going to focus on a different aspect of this drama.

BotNet Social Engineering Yourself A BotNetThe hacktivist group Anonymous reared its head in this debate to show it’s disdain for any law that would censor or prohibit the use of the Internet, and they do so using a form of social engineering.
One of the less influence based forms of social engineering involves drawing people to a website that is either loaded with malicious software/code or has downloads that are dangerous or infected. Apparently, Anonymous used this form of social engineering to create, in essence, one of the world’s largest botnets full of unsuspecting participants.

How?
Anonymous used its legions of faithful supporters to spread shortened links that drew interested parties to certain links. Since a user can’t possibly know what to expect when they load a URL, Anonymous capitalized on this to create it’s botnet.

As users went to the list of URL’s, their browsers were hijacked and then some code was executed. Once executed it causes the users browser to make a massive amount of requests to the targets websites (in this case DOJ and FBI). When you get hundreds or thousands or even more people hitting these malicious URL’s so much traffic is sent that it DDoS’ the sites in question.

What are the implications of this type of attack? This form of social engineering is pretty malicious. Even simple curiosity can make the site visitor an unwilling participant in an act that could be considered terrorism. This, of course, is a very serious matter as traffic from home or work users becomes inundated with this malicious traffic.

In the age of shortened URL’s, this kind of a story just makes it ever more clear that the user needs to take responsibility before clicking a link. These types of attacks are how people’s computers get hacked and how accounts are compromised. Now, it’s how massive botnets are created.