2,000 reactions to a malware attack - accidental study

Friday 4 October 09:30 - 10:00, Red room

Adam Haertle (BadCyber.com / ZaufanaTrzeciaStrona.pl)

Being a cybercrime journalist and researcher has some accidental side-effects, like being targeted by cybercriminals themselves. A few months ago, some malware spammers described previously on my blog decided to manifest their gratitude by putting my private email address in the "reply-to" field of a malware email campaign. As a result, I got about 2,000 unsolicited answers from campaign targets, mostly unaware that they were not contacting the real sender of those malicious messages. Many of them were actually totally unaware that the message they had received was fake and contained malware. Some even asked me to resend the malware as it was blocked by their AV product. Despite dealing with cybercrime victims daily for the last seven years I was surprised by most of the reactions and realized how little we, as the security industry, know about the average Internet user's ability (or rather inability) to identify threats online. I read those 2,000 messages, analysed and classified victims' answers and wanted to share my findings. The key takeaway - we have to train users, but at the same time we shouldn't count on them properly reacting to Internet threats. We need to build solutions that will protect the users, without their knowledge, sometimes against their will, from their ability to hurt themselves in the worst possible way.




Adam Haertle

Until recently CSO of a large polish telecommunications company, currently Editor in Chief of an infosec portal, journalist, researcher, lecturer and trainer. Spends multiple hours every day reading all infosec news and trying to explain security to regular people and those in the industry who do not have the time or patience to read the lengthy reports. Obscure papers and blog entries in forgotten languages. Favourite Google query: "how to quit vi".

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.