Behavioural modelling of social engineering based malicious software

Matthew Braverman Microsoft

Some of the most active threats in the wild today exploit weaknesses in the component with the largest attack surface area in the end-to-end operation of a computer: the user. Malicious software such as Sober, Netsky, Bagle, and Mywife can take control of a computer not because of any software bug or vulnerability but because they somehow lure the user to execute them, usually by running an attachment of an email. This paper will provide examples of poignant social engineering 'exploits' over the past few years and attempt to construct a model, using telemetry from Microsoft's Windows Malicious Software Removal Tool, that can predict the prevalence of a specific social engineering threat based on its characteristics and appeal to the user.

 del.icio.us  digg this! digg this

Quick Links

Poll
The Japanese government is reported to have commissioned a 'defensive virus'. Is 'defensive' malware ever a good idea?
Yes
No
I don't know
Leave a comment
View 11 comments

99 Subscription Promo

VB2012
VB2012 VB2012 will take place 26 - 28 September 2012 at the Fairmont Dallas hotel, Dallas, TX, USA.

Virus Bulletin currently has 224,242 registered users.