Stealth Malware Steals and Imitates Social Behavior
Most malware restricts itself to stealing credit card numbers, tricking computers into sending spam and occasionally shutting down an Iranian nuclear power plant. This state will not last. As Internet traffic increasingly shifts to social networking sites, a new class of malware will steal identities, co-opt personal relationships and imitate people’s natural behaviors to avoid detection.
Writing on the online research website ArXiv.org, computer scientists from Ben Gurion University, in Beersheba, Israel, predict how these attacks will use an individual’s own personality to stealthily distribute information about their social circle to spammers. Although no malware of this variety has been discovered in the wild yet, the value of social network data makes its eventual appearance all but inevitable, the authors write.
“These new kinds of attacks, which are much more dangerous, steal not your credit cards and passwords, which are things that you can change, but steal your reality, information about your friends, and about your habits, which is much more valuable,” said Yaniv Altshuler, first author on the ArXiv paper. “Because this is so valuable, these are probably the kinds of attacks under development right now.”
Unlike most malware, which replicates rapidly in the hope of outpacing the eventual security response, this kind of malware would use stealth, rather than speed, to inflict damage.
First, the malware would collect information on your social circle. It would do this both in the cyber sense, by infiltrating social networking sites, and in the physical realm, by taking advantage of mobile devices’ ability to sense and communicate with other nearby mobile devices, Altshuler told TechNewsDaily.
Then, after recording the frequency and recipients of one’s social networking messages, the malware would send out spam advertising in a pattern that resembles natural traffic. Coming from a trusted friend in a routine quantity, these ads would be more likely to trick people than random spam, Altshuler said.
Plus, since most antivirus protocols in social networking sites look for aberrant behavior, the malware wouldn’t raise alarms as it imitated the regular behavior of unsuspecting users.
“Any time they can look like more normal traffic, it will give them an advantage,” said Danny Quist, a computer security expert and founder of Offensive Computing, LLC. “Right now, it’s fairly unsophisticated. There’s been some private investigations where I’ve seen some similar things happening, and it’s horribly complex. It’s trying to emulate a lot of this behavior so as to not get caught.”
The stealth nature of this malware species may explain why no one has found any yet, Altshuler said. But if the ArXiv paper is correct, the absence of discovery may simply result from security officials looking in the wrong place.
