[转载]Behavioral Modeling of Social Engineering-Based Malicious Software

信息来源：邪恶八进制信息安全团队（www.eviloctal.com）

Brief Description
A White Paper from the Microsoft Antimalware Team
This paper will provide examples of poignant social engineering ‘exploits’ over the past few years and attempt to construct a model, using telemetry from Microsoft’s Windows Malicious Software Removal Tool, that can predict the prevalence of a specific social engineering threat based on its characteristics and appeal to the user.

Overview
In June 2006, Microsoft released a report detailing trends gathered by the release of the Windows Malicious Software removal Tool (MSRT) from January 2005 to March 2006. During this period, the tool was executed 2.7 billion times and removed malicious software from 5.7 million unique computers. Of the 5.7 million machines cleaned by the tool, 35% were infected by some malicious software capable of infecting a computer only by using social engineering. This is a significant figure because it illustrates the prevalence of malware that leverages social engineering and clarifies how the malware landscape is far from restricted to malicious software that exploits vulnerabilities in software.

This paper will focus specifically on examining malware that leverages social engineering to infect a computer, where social engineering is defined as ‘a non-technical kind of intrusion that relies heavily on human interaction and often involves tricking other people to break normal security procedures’. It will review techniques used both in the past and present and will use up-to-date data (as of the writing of this report) from the MSRT to differentiate those social engineering techniques which have been particularly successful.

This paper was originally presented at the 2006 Virus Bulletin Conference in Montreal, on October 11, 2006.

http://www.microsoft.com/downloads/details.aspx?FamilyID=e0f27260-58da-40db-8785-689cf6a05c73&displaylang=en