Stealth Malware Steals and Imitates Social Behavior

Most malware restricts itself to stealing credit card numbers, tricking computers into sending spam and occasionally shutting down an Iranian nuclear power plant. This state will not last. As Internet traffic increasingly shifts to social networking sites, a new class of malware will steal identities, co-opt personal relationships and imitate people’s natural behaviors to avoid detection.

Writing on the online research website ArXiv, computer scientists from Ben Gurion University, in Beersheba, Israel, predict how these attacks will use an individual’s own personality to stealthily distribute information about their social circle to spammers. Although no malware of this variety has been discovered in the wild yet, the value of social network data makes its eventual appearance all but inevitable, the authors write.

“These new kinds of attacks, which are much more dangerous, steal not your credit cards and passwords, which are things that you can change, but steal your reality, information about your friends, and about your habits, which is much more valuable,” said Yaniv Altshuler, first author on the ArXiv paper. “Because this is so valuable, these are probably the kinds of attacks under development right now.”

Unlike most malware, which replicates rapidly in the hope of outpacing the eventual security response, this kind of malware would use stealth, rather than speed, to inflict damage.

First, the malware would collect information on your social circle. It would do this both in the cyber sense, by infiltrating social networking sites, and in the physical realm, by taking advantage of mobile devices’ ability to sense and communicate with other nearby mobile devices, Altshuler told TechNewsDaily.

Then, after recording the frequency and recipients of one’s social networking messages, the malware would send out spam advertising in a pattern that resembles natural traffic. Coming from a trusted friend in a routine quantity, these ads would be more likely to trick people than random spam, Altshuler said.

Plus, since most antivirus protocols in social networking sites look for aberrant behavior, the malware wouldn’t raise alarms as it imitated the regular behavior of unsuspecting users.

“Any time they can look like more normal traffic, it will give them an advantage,” said Danny Quist, a computer security expert and founder of Offensive Computing, LLC. “Right now, it’s fairly unsophisticated. There’s been some private investigations where I’ve seen some similar things happening, and it’s horribly complex. It’s trying to emulate a lot of this behavior so as to not get caught.”

The stealth nature of this malware species may explain why no one has found any yet, Altshuler said. But if the ArXiv paper is correct, the absence of discovery may simply result from security officials looking in the wrong place.