Behavioural modelling of social engineering based malicious software

Matthew Braverman Microsoft

Corporate stream: Wednesday 11 October 2006, 16:20 - 17:00.

Some of the most active threats in the wild today exploit weaknesses in the component with the largest attack surface area in the end-to-end operation of a computer: the user. Malicious software such as Sober, Netsky, Bagle, and Mywife can take control of a computer not because of any software bug or vulnerability but because they somehow lure the user to execute them, usually by running an attachment of an email. This paper will provide examples of poignant social engineering 'exploits' over the past few years and attempt to construct a model, using telemetry from Microsoft's Windows Malicious Software Removal Tool, that can predict the prevalence of a specific social engineering threat based on its characteristics and appeal to the user.

VB Conferences

VB2008 (Ottawa)

VB2007 (Vienna)

VB2006 (Montréal)

VB2005 (Dublin)

VB2004 (Chicago)

VB2003 (Toronto)

VB2002 (New Orleans)

VB2001 (Prague)

VB2000 (Orlando)

VB99 (Vancouver)

VB98 (Munich)

VB97 (San Francisco)

VB96 (Brighton)

VB95 (Boston)

VB94 (Jersey)

VB93 (Amsterdam)

VB92 (Edinburgh)

VB91 (Jersey)

‘In terms of networking, this conference has been superb.’

Poll

Will the current banking crisis lead to an increase in phishing attacks?

Leave a comment
View 1 comment

Malware Prevalence

NetSky
Agent
Zbot
Bifrose/Pakes
Mytob

View this month's full report

Virus Bulletin currently has 138,346 registered users.

Fighting malware and spam