No Need To Deceive, Viruses Offer Users A Faustian Bargain
from the 6-6-06 dept
Malware distributors commonly hold out the lure of free games and screensavers as means of getting users to download the offending software. Often, the games don't work, but in the meantime the user's computer silently becomes part of a malicious botnet that sends out spam and participates in DDOS attacks. Fitting with today's date, two researchers have released a paper describing what they call a Devil Virus. While the Devil Virus in the paper is a theoretical model, it incorporates characteristics from existing viruses that inform users that they are indeed a virus, but will confer on them great powers. To use an example from the paper, the virus may silently infect Alice's computer, and then send an email to her colleague Bob, offering him the chance to read all of Alice's files, or at least any that mention Bob's name. At this point, most competent computer users will realize that this is some unkosher software, but many will take the lure. Furthermore, if Bob has nothing to hide on his computer, it increases the likelihood that he'll risk having the same done to him -- this is known as the paradox of the virtuous sinner. It may propagate itself further still, by allowing Bob to select further recipients, offering them the chance to read Alice's files, and Bob the chance to read their files. Oh yeah, and if Bob wants out of the deal, or doesn't offer up more names it can threaten to encrypt his files, crash his hard drive, or at least expose his wanton ways to his colleagues and company, just as the Devil would do if one backed out. It's widely understood that one of the big security challenges is informing ignorant users about the danger that lurks online, but it's even harder to stamp out seemingly small temptations, that play upon character flaws to carry out an attack.