Today, Tuesday 6/6/6, Mike Bond and George Danezis published our department’s 666-th technical report titled “A pact with the Devil”. In this devious research paper, they explore the risks of a whole new generation of malware that exploits not only computer users’ inexperience to propagate, but also their greed, malice and short-sightedness.
For immediate release
For many years now, anti-virus software vendors and users have seemed to form a united front when combating electronic malware. But will this remain so? Are viruses restricted to merely propagate through automated exploits of software bugs and users’ credulity? Mike Bond and George Danezis, until recently computer-security researchers at the University of Cambridge Computer Laboratory, dust off their black hats and explore more sophisticated, or some may say more evil, propagation strategies that viruses and other e-pests may already be using. (Through a fitting coincidence, their report “A pact with the Devil” was published today, on 6 June 2006, and was assigned the Computer Laboratory’s technical report serial number UCAM-CL-TR-666.)
Bond and Danezis predict that tomorrow’s computer viruses will seek the help of users to survive and propagate, by enticing them with benefits. Such viruses take advantage of the fact that they already reside on some computers, to allow newly infected users access to pirate content, such as music or video, or the ability to violate other users’s privacy, such as being able to read their emails or confidential documents. Users will be faced with incentives to install the virus if, in their eyes, the benefits outweigh the drawbacks and risks. Once installed, a virus can entrench itself by providing disincentives to the user against removing it: threats to reveal personal information, or just the fact that the user has actively benefited from the virus, might be sufficient. “The ‘Satan Virus’ turns the user into an ally, and pursues its nefarious activities, such as spamming or attacking third party systems, through a calm symbiosis with the user – who has little to gain, and a lot to lose, if it is removed”, says Bond.
How far away into the future are these sinister e-creatures? Bond and Danezis argue that a lot of software today, bundled with adware and spyware functions, already contains traits of the Satan Virus. A user has to put up with dis-utility to reap the benefits. Similarly, peer-to-peer systems are based on a model where the user gives part of her resources to the “network”, to get some benefit in return. It is only a small, but significant, conceptual leap to extend already deployed strategies to also include electronic bribery and blackmail. The Satan Virus “would not simply infect a user’s machine, but would truly aim to infect the user’s mind”, says Danezis.