Kenneth F. Belva

Might Users Want Malware?

Here is an interesting paper from the Economics of Information Security.

Here are two key quotes:

“A key point is that… it has been assumed that users are the enemies of the malware which (nearly by definition) acts against their interests.”

“…malware can provide enough incentives to users for them to willingly maintain it on their systems, and can again provide in the medium-term enough disincentives to them removing it.”

With regard to the paper itself, it seems to me that the underlying principle, as noted in the quotes above, is sound. But it seems to me that the propagation technique between Alice, Bob and Charlie is too complex.

Take figure one for example: “Bob is tempted by Alice’s files (1) and then uses Alice’s files to tempt Charlie (2). As a result Bob can access Alice and Charlie’s files.”

One is better off appealing to one's self-interest. For example, “If this program resides on your computer, we'll give you $10 a month. Send this to all your friends and get a referral fee.” Bob lures Charlie through Charlie's own self-interest. Charlie in turn lures Alison. If Bob wants to access Alison's computer, he can pay a fee; the malware writer could charge infected users a fee to be granted access to another person's infected computer.

In another similar scenario (not mentioned in the paper), an “evil corporation” will pay users to install and spread software that will monitor the user and gather metrics for the corporation, which would then be sold. Buried deep in the EUA may be a statement that the corporation then “owns” everything on the computer and may grant other people access to your computer for a fee.

The propagation techniques in these two scenarios would be like that of a virus: self-perpetuating.

