How YOU get a Ghost In Your Browser

[ahhaa]

I've been watching a couple recent threads here; with something between amusement and alarm.

You may have heard the hacker term of Social Engineering- that's how hackers con vital info out of trusting people so they can penetrate computer security systems- by just asking for it. Because of ego involvement, they also usually 'sign' their work.

Well, OK. The threads here are: How do you get infected? and Who is this guy that is trying so hard??? As of now, just the first has 52 replies and well over 1100 looks.

1. The author is fLYtRap. Now, handles usually mean something to their owner.

So here we have flytrap, hmmm; which also contains LYR (liar?)
The title also is the interesting double entender :how do you get infected?

(I should make a special point of this: I am not saying fLYtRap is a bad guy, I'm just saying his threads make a near perfect example.)

This thread starts out more or less suggesting you don't really need antivirus, tho the subject changes fast enough...
I am wondering if having an antivirus software makes any sense.
My point is that right now I have been online pretty much 24/7 since 2001 and I haven't catch anything except for spy cookies. As for Trojans I have a pretty good firewall, and this is been taking care of. So how do you get viruses on your machines?

Notice also that English doesn't seem to be his native language.

Before long, he has a 2nd thread going about firewalls.

My point is, with all the things that should have urged caution, us good-hearted folks explained in detail- with links- all about which protections are on our computers...

& in amongst all those helpful download links could easily be a link to a bogus site with the malware binaries, as discussed in this major Google overview:

The Ghost In The Browser
Unfortunately, even a single visit to an infected web site enables the attacker to detect vulnerabilities in the user’s applications and force the download a multitude of malware binaries.
Frequently, this malware allows the adversary to gain full control of the compromised systems leading to the ex-filtration of sensitive information or installation of utilities that facilitate remote control of the host.

more at: http://www.usenix.org/events/hotbots07/tech/full_papers/provos/provos.pdf

hmmm... you went ahead and clicked that link, didn't ya? well, in this case its really a Google article, but it might not have been.

thanks again to fLYtRap for a rare chance to publicly discuss social engineering!

[TooLFooL]

you read my mind..

[zoobie]

dunno why this reminds me of some lamer wanting everyone to make movs and flv's for the internet because his box couldn't read wmv's

[MOVIEGEEK]

I read his posts and they seem innocent enough,I think you're being a little paranoid.
Now if Flytrap asked how to hack a computer then I would be suspicious.

"Notice also that English doesn't seem to be his native language."

So does that mean anybody who doesn't speak English is a script kiddie?