Behavioural modelling of social engineering based malicious software

Matthew Braverman Microsoft

Some of the most active threats in the wild today exploit weaknesses in the component with the largest attack surface area in the end-to-end operation of a computer: the user. Malicious software such as Sober, Netsky, Bagle, and Mywife can take control of a computer not because of any software bug or vulnerability but because they somehow lure the user to execute them, usually by running an attachment of an email. This paper will provide examples of poignant social engineering 'exploits' over the past few years and attempt to construct a model, using telemetry from Microsoft's Windows Malicious Software Removal Tool, that can predict the prevalence of a specific social engineering threat based on its characteristics and appeal to the user.

VB Conferences

VB2011 (Barcelona)

VB2010 (Vancouver)

VB2009 (Geneva)

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘There is still nothing like a VB conference!’

Poll

Do you use the same password(s) across multiple websites?

Leave a comment
View 4 comments

VB2010

VB2010 will take place 29 September-1 October 2009 at the Westin Bayshore, Vancouver, BC, Canada. Early bird discount available until 15th June 2010.

Virus Bulletin currently has 190,911 registered users.

Fighting malware and spam