The CERT Coordination Center (CERT/CC) last week warned that users running IM and Internet Relay Chat (IRC) services are vulnerable to social engineering attacks that can turn their systems into attack platforms for distributed denial of service (DDOS) attacks.
CERT/CC says it has received reports indicating that intruders are using automated tools to trick users into downloading malicious software that allows the user's system to later be used as an agent in a DDOS attack. Among the approaches the intruders use is to entice users with offers to download software that improves music downloads or offers anti-virus protection.
One message CERT/CC reported tells the user his machine is infected with a virus and provides a URL where the user can get software to disinfect his machine. Clicking on the URL will lead the user to unwittingly download the malicious software.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=iCERT/CC says such an approach is a pure social engineering attack because it relies on the user to download and run the software. But, the CERT/CC incident note says, "the technique is still effective, as evidenced by reports of tens of thousands of systems being compromised in this manner."
If they succeed in compromising a system, intruders may exercise remote control over it, have access to confidential data, change and delete files and install other malicious code, CERT/CC warns.
Remedies include keeping anti-virus software up to date and not running programs from a source that is not known or trusted.
See the full CERT/CC incident report here.