14 DAY TRIAL // Free pornography will prevail even against Windows Vista. There is little doubt about this aspect, and the fact that we tend to repeat history is an argument typical for this status quo. Pornographic content is used both as a vessel and as an incentive to serve malicious code designed to infect the Windows operating system. This practice is nothing new, in fact it is as common as spam, and even connected to spammed emails as well as various downloads promising the users the codecs or the ActiveX control necessary to access sexually explicit videos. And yet, this aspect of social engineering is destined to survive even with Windows Vista.
You will be able to see the manner in which free porn is used in order to get users to transform themselves into victims. Security companies Sophos and Symantec have such examples related to video pornographic content. In addition, Sophos also illustrates how female Hollywood stars are used as incentive to infect Windows-based computers with malware. And the truth is that there is nothing that will function against social engineering techniques, be them the promise of free porn, easy money or any type of free materials from software to pirated movies. All of them can just as easily contain malicious threats and should be interpreted as threats or at least as potential risks.
Social engineering is not a security vulnerability residing in software, and as such, there will be no updates, no patches and no plugs. Not even mitigation measures. Only user education. But it will not be sufficient. Just watch the video fragment at the bottom in order to get an idea of what I am talking about. In fact, the only way that users are going to be safe is when malware authors and attackers manage to screw up. Sophos gave an example of a spamming campaign designed to spread the Pushdo Trojan Horse, where the authors went overboard with the promises of adult content to the level where the emails were all blocked by spam filters and never made it to the end users.
"What is antivirus protection worth when users try all the tricks they know to see the Loveletter.jpg.vbs picture; why do they double-click on executable files? No matter whether it's Kournikova, Labor Day greetings cards, or just an "undeliverable message" with "details" attached, many users don't care. Home users risk their privacy and may lose the ownership of their machines, but they can't resist the temptation. Corporate users are sometimes even less careful, as it's not their machine and if it's broken, it's not their problem. The IT department will fix it. Is it that hard to think twice? Don't users know enough about risks? Don't they know about the consequences of an outbreak? Next time you receive an unexpected (mail)-delivery, think twice before you let it pass your last line of defense", advised Dirk Kollberg, McAfee security expert.