Spam as a protection tool

There is an opinion that 80% of the world's e-mail is spam, that is, messages the recipient does not need at all (and that is sad). But as if that weren't enough, spam often includes letters sent for malicious purposes: for example, to steal or delete data, or for extortion.

As we know, for a letter to really harm a computer system, merely delivering it to the recipient is in most cases not enough. A “cooperative adversary” is required, i.e. the user must perform, on their own, the actions that bring the attacker's intention to fruition.

Usually that action is “opening” the file attached to the letter, that is, manually starting the processing of the file by the corresponding handler program inside the user's operating system.

Sadder still, the cooperative adversary is not uncommon, and our attacking spammer can count on one.

And this leads to

In short, our accountant opens an “invoice”, which is not an invoice at all but a virus.

Malicious emails do, of course, have telltale differences. But relying on the attentiveness and conscientiousness of users is a bad idea. Even the grandest performances on the theme of “don't open this”, with fireworks and a solo by the general director (the number “Polymers”), fade from an office worker's memory over time.

Of course, well-configured systems will protect us from most such attacks. But the key phrase is still “from most”. No one will give a 100% guarantee; and if a letter does reach the user, then hardening the user, as one of the weakest points of the system, is a good deed.

In computer villainy, technology and social engineering go hand in hand. The attacker realizes that it is hard to pass for someone the user trusts unconditionally, and is therefore forced to use other tactics: intimidation, coercion, impersonating recognized authorities and/or using matching false names, for example sending letters on behalf of government agencies and large companies.

And, as the ancients teach us: if you cannot win, lead. Indeed, why are we worse than spammers? We are much better! We have more options. And the task itself requires only the most minimal programming skills and will hardly touch existing systems.

Disclaimer: the author is not a spammer, the spammer is not an author. The author is only and exclusively on the side of good.

The task is very simple:

we ourselves will send our users letters that look like malicious ones. To these letters we will attach documents in which we write in large letters: “DO NOT OPEN DOCUMENTS FROM LETTERS LIKE THIS. Be careful and attentive.”

Thus, our task has the following conditions:

Condition 1. The letters must differ. If we send everyone the same email every time, it will be no different from ordinary meeting reminders, to which users are immune. We must stimulate the part of the user that is responsible for learning. This gives rise to the following conditions:

Condition 2. The letters must look authentic. Sending letters from Meat-Company LLP or Barack Obama is possible, but ineffective. It makes sense to use real (and varied!) names of organizations and bodies;

Condition 3. It is also important that the letters look a little strange. They must be somewhat questionable, in order to arouse the user's suspicion and activate the learning system in the brain;

Condition 4. And with all that, the letters should attract attention and provoke. Everything is simple here; we don't even need to invent anything, the spammers have already done it all for us. “Penalties”, “Judgments” and even just “Documents” as attachments, “Forfeits”, “Recalculations”, “Fine” in the subject, and plenty of “Urgent”, “Immediately”, “Obliged”, “Pay” in the text, and it's in the bag.

To implement this magical set you will need minimal programming skills and one boring evening. The author used Python 3 (because I needed the practice) and JS (for collecting data, directly from the browser console). But most of the code is easily done with native OS tools (bash, cmd); you will only suffer with encodings.

In fairness, it should be noted that the idea itself is not the author's, but was spotted at one large international company. Nevertheless, the idea lies so close to the surface that, as soon as he heard it, the author rushed to implement it with cries of “why didn't I do this before”.

So, first of all, we need the parts from which we will compose a letter. Let's start with the From field: who will threaten our timid users. Who else: banks, tax inspectorates, courts and all sorts of strange LLCs. You can also add templates for later auto-substitution, like PAO CmpNmF. See from.txt.

Now we need the actual names. Romashka LLC and Vector LLC, as well as some endlessly repeated “Moscow Court”, are unlikely to strike a chord.

Fortunately, the Internet gives us simply amazing opportunities for obtaining information. For example, a list of the operating courts of the Russian Federation can be obtained with a simple JavaScript command directly in the browser console, something like:

// Print the text of every list item inside the page's main content block (MediaWiki id "mw-content-text")
for (let el of document.getElementById("mw-content-text").querySelectorAll("li")) { console.log(el.innerText); }

So you can very quickly gain an excellent base for our tasks (especially since the author has already done this for you 🙂). We will store it in plain text; a database for such a task is overkill. The project uses UTF-8 encoding with BOM, in case the most exotic characters turn up. See the txt files with the corresponding names.

Next, we need to generate a correct (from the standard's point of view, though not necessarily existing) sender email address, so that our letter is displayed correctly and relayed correctly. For some of the names the author used fixed domains, for others auto-generation from the name using a transliteration library, something like Vector LLC -> [email protected]. The mailbox name is taken from a list in the code and is also meant to inspire awe: “vzyskanie”, “shtraf”, “dolg”, “alarm” and other “zapros”.

Now - the subject of the letter.

The subject must attract attention, otherwise the letter will go unnoticed. Unleash your inner scarer of accountants and everything will work out: “Closing the account(s) (CmpNm)”, “Chief Accountant (CmpNm)”, “Demand (for CmpNm)”, “Pay immediately (!!!)” and other pranks. See subj.txt. Add to taste, mix, do not shake.

The text of the letter should be somewhat strange. We have already caught the user's attention; now our task is to arouse suspicion. So there is absolutely no point in trying hard here. Let's take threatening phrases from spammers and combine them arbitrarily; 100% plausibility would only get in our way. The result is nonsense like:

(важная) Информация (ООО "ТЕСТ") По счёту в порядке судебного разбирательства
откройте документы во вложении
постановление во вложении

See msg.txt. Additions are welcome.

And finally, the attachment. The project currently provides 3 types of attachments: pdf, doc, docx. The files are copied from samples without changing the content, and the attached file is given a name from a list (“Decree”, “Judgment”, etc., see flnms.txt). For the first two types, the size is randomized by appending zeros to the end of the file. This does not work with docx (although after Word's recovery procedure the file opens; and LibreOffice, for example, opens without complaint docx files that have had third-party files added through an archiver).
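The sender-address, subject, body and attachment steps above, as one added example for the awareness exercise the post describes (not the project's gen_msg.py): the lists are constructed stand-ins for from.txt, subj.txt, msg.txt and flnms.txt, "{CmpNm}" is an assumed placeholder syntax, the transliteration table and the .example domain are assumptions, and nothing is sent.

```python
import random
from email.headerregistry import Address
from email.message import EmailMessage

# Constructed sample parts standing in for from.txt, subj.txt, msg.txt, flnms.txt; "{CmpNm}" is an assumed placeholder syntax.
ORGS = ["Вектор", "Ромашка", "ТЕСТ"]
FROM_TMPL = ['ООО "{CmpNm}"', "ПАО {CmpNm}", "Арбитражный суд ({CmpNm})"]
SUBJ_TMPL = ["Закрытие счёта ({CmpNm})", "Требование (для {CmpNm})", "Главный бухгалтер ({CmpNm})"]
PHRASES = ["откройте документы во вложении", "постановление во вложении",
           "по счёту в порядке судебного разбирательства", "оплатите немедленно (!!!)"]
BOXES = ["vzyskanie", "shtraf", "dolg", "zapros"]
FILE_NAMES = ["Постановление", "Решение суда", "Документы"]
SAMPLES = {  # constructed stand-ins for the project's sample files (docx omitted: padding breaks it)
    "pdf": b"%PDF-1.4\n% constructed awareness-training sample, not a real document\n%%EOF\n",
    "doc": b"\xd0\xcf\x11\xe0constructed doc sample",
}
# Minimal Cyrillic-to-Latin table (assumption: the post only says "a transliteration library").
TRANSLIT = dict(zip("абвгдежзийклмнопрстуфхцчшщъыьэюя", ["a", "b", "v", "g", "d", "e", "zh", "z", "i", "y",
    "k", "l", "m", "n", "o", "p", "r", "s", "t", "u", "f", "kh", "ts", "ch", "sh", "shch", "", "y", "", "e", "yu", "ya"]))

def translit(name):  # org name -> bare ASCII label usable as a mail domain
    return "".join(TRANSLIT.get(c, c if c.isascii() and c.isalnum() else "") for c in name.lower())

def pad(data, rng):  # randomize size by appending zero bytes, as the post does for pdf and doc
    return data + b"\0" * rng.randrange(1_000, 50_000)

def compose(seed):  # pick and combine the parts; a dict so the result can be checked before sending
    rng = random.Random(seed)
    org, kind = rng.choice(ORGS), rng.choice(sorted(SAMPLES))
    return {
        "from_name": rng.choice(FROM_TMPL).format(CmpNm=org),
        "from_addr": f"{rng.choice(BOXES)}@{translit(org)}.example",  # TLD is an assumption
        "subject": rng.choice(SUBJ_TMPL).format(CmpNm=org),
        "body": "\n".join(rng.sample(PHRASES, 2)),
        "filename": f"{rng.choice(FILE_NAMES)}.{kind}",
        "attachment": pad(SAMPLES[kind], rng),
    }

def build_message(to_addr, seed):  # wrap the composed parts in a MIME message; delivery is up to the mail system
    p = compose(seed)
    msg = EmailMessage()
    msg["From"] = Address(p["from_name"], addr_spec=p["from_addr"])  # Address quotes the display name
    msg["To"] = to_addr
    msg["Subject"] = p["subject"]
    msg.set_content(p["body"])
    msg.add_attachment(p["attachment"], maintype="application",
                       subtype="pdf" if p["filename"].endswith(".pdf") else "msword", filename=p["filename"])
    return msg
```

The same seed reproduces the same letter, so a batch can be reviewed (compose) before it is handed to the mail system (build_message).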

And we get a miracle like this:

You can send:

gen_msg.py [email protected]

The code is on github, of course.

Actually, that's all. An hour's work, but the benefit... There will be benefit. For theory is dry, but the tree of life is lush and green: explanations don't get through, reminders are forgotten, and people learn skills only in practice. And we'd rather be teachers than restore everything from backups later, right?

Have you tried it on your users? How are the results?

  • No one bought it, deleted without question: 0.0% (0 votes)

  • Some reported suspicious emails, attachments were not opened: 0.0% (0 votes)

  • Some opened attachments (I'll tell you in the comments what happened next): 50.0% (3 votes)

  • Got a stick from the authorities: 50.0% (3 votes)

6 users voted. 21 users abstained.

Source: habr.com