Its simply using social engineering techniques but with dynamic content: The main use of this would be spreading via Email or IM etc.
So how do we get our dynamic content? simple: RSS Feeds.
This is also where our social engineering techniques come into play:
We use popular RSS Feeds on topics such as the News, Sports, etc.
Lets take the BBC: The BBC has a RSS Feed which is updated regularly with new content which gives us constant fresh data to work with. The fact it is stored in XML means it makes it very easy to parse the content and manipulate it to our needs.
Using the News gives us the Social Engineering edge. The victim is more likely to accept something which they have read/heard about on TV, News Paper etc.
IM Example:
Template:
Hey you heard about *NEWS SUBJECT* ?
*NEWS CONTENT*
Look at this *LINK/ZIP*
With Real Data (Taken from BBC News RSS Feed):
Hey you heard about Venezuela army helicopter crashes ?
A military helicopter has crashed in Venezuela killing at least 18 people on board, President Hugo Chavez says.
Look at this http://www.badguy.com/evilwebpage.htm
No comments:
Post a Comment