Behavioral Modeling of Social Engineering Based Malicious Software

In June 2006, Microsoft released a report detailing trends gathered by the release of the Windows Malicious Software removal Tool (MSRT) from January 2005 to March 2006. During this period, the tool was executed 2.7 billion times and removed malicious software from 5.7 million unique computers. Of the 5.7 million machines cleaned by the tool, 35% were infected by some malicious software capable of infecting a computer only by using social engineering. This is a significant figure because it illustrates the prevalence of malware that leverages social engineering and clarifies how the malware landscape is far from restricted to malicious software that exploits vulnerabilities in software.

This paper will focus specifically on examining malware that leverages social engineering to infect a computer, where social engineering is defined as 'a non technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures'. It will review techniques used both in the past and present and will use up to date data (as of the writing of this report) from the MSRT to differentiate those social engineering techniques which have been particularly successful. Download details: Behavioral Modeling of Social Engineering-Based Malicious Software

Linked by shanmuga Wednesday, 1st November 2006 5:51AM