Behavioural modelling of social engineering based malicious software

Matthew Braverman Microsoft

Some of the most active threats in the wild today exploit weaknesses in the component with the largest attack surface area in the end-to-end operation of a computer: the user. Malicious software such as Sober, Netsky, Bagle, and Mywife can take control of a computer not because of any software bug or vulnerability but because they somehow lure the user to execute them, usually by running an attachment of an email. This paper will provide examples of poignant social engineering 'exploits' over the past few years and attempt to construct a model, using telemetry from Microsoft's Windows Malicious Software Removal Tool, that can predict the prevalence of a specific social engineering threat based on its characteristics and appeal to the user.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.