How to get users to install malware... pay them a few pennies.

Edvard:
 :o
--- Quote ---
It’s All About The Benjamins:
An empirical study on incentivizing users to ignore security advice

Abstract.
We examine the cost for an attacker to pay users to execute arbitrary code—potentially malware. We asked users at home to download and run an executable we wrote without being told what it did and without any way of knowing it was harmless. Each week, we increased the payment amount.
...
We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.

--- End quote ---

 What the...

Engadget article here: http://www.engadget.com/2014/06/15/study-on-paid-pc-hijacking/

PDF here: https://www.andrew.cmu.edu/user/nicolasc/publications/CEVG-FC11.pdf

Faith in humanity: shaken yet again...

app103:
Yup, not surprised at all.

You don't even have to pay them actual money. Just give them so many points per piece of malware/spyware/toolbar/search engine change/etc., (give them more points to keep it installed for a month or longer) which they can save up and cash in for crappy quality merchandise and gift cards for major retailers.

You can even pay them points for filling out "surveys" and ask them loads of personal info about any topic, such as their finances. You already have a username/email address, and a password they created on your site (still plenty of idiots out there that will use the same combo for every account they have), and a street address they gave you for where to ship them the gift cards & other junk. Just ask them a bunch of info about their pets, their family, what they think of certain banks and toss in a couple of multiple choice questions about which bank they use and how much money they currently have in their account. Just keep sending them surveys and giving them points, till you have social engineered enough info out of them that you can do whatever you want. While they are out using that $10 gift card you gave them, you'll be logging into their account at their bank's website and doing whatever you want, resetting their email password, taking over their Twitter/Facebook/whatever accounts, etc. You can even make some extra money on the side by getting companies to pay you to send them some legit surveys.


Yes, if I were evil, I'd be truly dangerous.
