topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Tuesday March 19, 2024, 12:02 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: How to get users to install malware... pay them a few pennies.  (Read 1975 times)

Edvard

  • Coding Snacks Author
  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 3,017
    • View Profile
    • Donate to Member
 :o
It’s All About The Benjamins:
An empirical study on incentivizing users to ignore security advice

Abstract.
We examine the cost for an attacker to pay users to execute arbitrary code—potentially malware. We asked users at home to download and run an executable we wrote without being told what it did and without any way of knowing it was harmless. Each week, we increased the payment amount.
...
We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.

 What the...

Engadget article here: http://www.engadget....n-paid-pc-hijacking/

PDF here: https://www.andrew.c...ations/CEVG-FC11.pdf

Faith in humanity: shaken yet again...

app103

  • That scary taskbar girl
  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 5,884
    • View Profile
    • Donate to Member
Re: How to get users to install malware... pay them a few pennies.
« Reply #1 on: June 18, 2014, 09:27 PM »
Yup, not surprised at all.

You don't even have to pay them actual money. Just give them so many points per piece of malware/spyware/toolbar/search engine change/etc., (give them more points to keep it installed for a month or longer) which they can save up and cash in for crappy quality merchandise and gift cards for major retailers.

You can even pay them points for filling out "surveys" and ask them loads of personal info about any topic, such as their finances. You already have a username/email address, and a password they created on your site (still plenty of idiots out there that will use the same combo for every account they have), and a street address they gave you for where to ship them the gift cards & other junk. Just ask them a bunch of info about their pets, their family, what they think of certain banks and toss in a couple of multiple choice questions about which bank they use and how much money they currently have in their account. Just keep sending them surveys and giving them points, till you have social engineered enough info out of them that you can do whatever you want. While they are out using that $10 gift card you gave them, you'll be logging into their account at their bank's website and doing whatever you want, resetting their email password, taking over their Twitter/Facebook/whatever accounts, etc. You can even make some extra money on the side by getting companies to pay you to send them some legit surveys.


yes, if I were evil, I'd be truly dangerous.