Gizmodo reports:
A team of four researchers found [PDF] that 22 to 43 percent of their test subjects would download and run an unknown executable file for payments ranging from as low as $0.01 to $1.
The researchers used Amazon's Mechanical Turk to conduct the experiment. Participants were asked to download a program onto their systems and run it for an hour. They did not know what the program actually did. As the amount offered to run the program was increased from $0.01 to $10 over five weeks, the percentage of users who ran the program grew steadily and topped out at 43 percent.
This discussion has been archived.
No new comments can be posted.
It's Easy to Infect People With Malware If You Pay Them a Few Cents
|
Log In/Create an Account
| Top
| 28 comments
| Search Discussion
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(Score: 2, Insightful) by Jeremiah Cornelius on Monday June 16 2014, @11:00PM
Now, all your base are belong to us.
I keep being reminded... How does that phrase go?
"You cannot apply a technological solution to a sociological problem" [everything2.com].
We better not go too "meta", and apply that critique to the entire proposition of Soylent... :-)
You're betting on the pantomime horse...
(Score: 1) by zsau on Tuesday June 17 2014, @03:19AM
Soylent is a sociological solution to a sociological problem, no? The rulers were unkind, so the eyeballs moved elsewhere using the same technology.
(Score: 2) by davester666 on Tuesday June 17 2014, @06:58AM
Should have used
Penny for your computer.
(Score: 5, Interesting) by Hartree on Monday June 16 2014, @11:07PM
I wonder if anyone downloaded it onto a sandboxed system on an isolated network just to analyze it?
"Unknown? Hah! I bet I can figure out what this sucker is doing!"
(Score: 5, Interesting) by frojack on Monday June 16 2014, @11:40PM
For 10 bucks an hour, I'd gen up a throw-away Virtual machine and run their little malware for them, I'd even give it a slooooooow internet connection with egress filtering.
No, you are mistaken. I've always had this sig.
(Score: 3, Insightful) by Marand on Tuesday June 17 2014, @12:11AM
That was my first thought, too. "Ten bucks an hour? Sure! Just let me set up a throw-away VM with nothing useful on it real quick..."
Second thought was idle curiosity about if the mystery-binary would run in wine or not. You can tell if wine's doing well by how well it can run mystery malware.
(Score: 0) by Anonymous Coward on Tuesday June 17 2014, @12:01AM
Ironically about 20 minutes ago someone called me with a Nigerian accent. I asked him if he's Nigerian and if he speaks Igbo and he said he wants someone that speaks English. I told him I speak English (among other languages) and it's my native language. He said he is calling me to tell me about my windows computer. I told him I know everything about computers including how to fix them and write software. He said thank you and have a nice day. He was clearly trying to scam me by putting malware on my computer as I have received these types of phone calls in the past.
(Score: 2, Funny) by e_armadillo on Monday June 16 2014, @11:22PM
From the title I hoped the people were infected.
"How are we gonna get out of here?" ... "We'll dig our way out!" ... "No, no, dig UP stupid!"
(Score: 4, Funny) by BsAtHome on Monday June 16 2014, @11:43PM
Well, many of them are carrying the "I'm too stupid" virus and some of them are in the infectious state.
(Score: 3, Insightful) by zeigerpuppy on Monday June 16 2014, @11:22PM
Considering people using the Mechanical Turk are used to doing just about anything for a few cents, this experiment is not generalisable to the wider Internet. The is an implicit trust relationship of users of that service which is quite different than offering a few cents by email from an unknown source.
(Score: 1) by broken on Tuesday June 17 2014, @12:17AM
Excellent point. This is one of the biggest problems when studying behavior: how to get a representative sample of the population you desire to study. Unfortunately, most studies need participants to cooperate in some way, and that significantly skews the sample population. Using Amazon's Mechanical Turk to estimate how much the average person would need to be paid to run an unknown program is so wrong that I can't imagine why anyone would waste their time trying it out, let alone actually following through and paying people to do it.
Now if they just wanted to find out how easy it is to use the Mechanical Turk to get people to run programs for future reference, then this makes perfect sense. Just don't try to generalize it.
(Score: 3, Interesting) by Reziac on Tuesday June 17 2014, @01:58AM
Conversely, about 20 years ago there was a casual study done at LAX by one of the local TV news stations: Coins of various denominations were scattered fairly obviously around the passenger terminal, then watched to see how long it took them to be picked up.
What they found is that most people can't be arsed to pick up anything smaller than a quarter.
Not me... I'da scoured up every coin in sight. Money is money, and my time is worth very little. At the time it was pointed out that Bill Gates' time was so valuable, that stopping to pick up a quarter would cost him a thousand bucks.
But I still wouldn't run unknown software from Mechanical Turk (or anywhere else), at least not on my main machine. I do like someone's idea of running it on a junk box or VM for as many hours as they'd pay me for. :D
And there is no Alkibiades to come back and save us from ourselves.
(Score: 0) by Anonymous Coward on Tuesday June 17 2014, @12:54AM
Is it really all that different from trusting websites that you read to not deliver you any malware? It isn't measured in pennies but otherwise it seems like basically the same thing to me.
(Score: 1) by jelizondo on Tuesday June 17 2014, @03:05AM
Ahh! To be young and candid!
The percentage of people who would run an unknown application is probably higher in the wild; just tell them they need "abc" program to see the latest video from the Kardashians (or however it is spelt.)
Now, get off my lawn!
(Score: 1) by crAckZ on Monday June 16 2014, @11:34PM
Is your bank account, routing number, name, address and mothers maiden name and we will transfer your 48 cents AND give you the download link. What could go wrong?
(Score: -1, Offtopic) by Anonymous Coward on Tuesday June 17 2014, @02:51AM
With malware if you make it so they can't be BURNT by what they can't touch: Custom hosts files are better, by FAR, on multiple levels in efficiency + added speed, security, reliability, & anonymity than ANY single browser addon + fix DNS security redirect issues:
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 [start64.com]
(Details of hosts' benefits enumerated in link)
Summary:
---
A.) Hosts do more than:
1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775 [slashdot.org]
---
B.) Hosts add reliability vs. downed or redirected DNS
---
C.) Hosts secure vs. known malicious domains -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 [slashdot.org]
(w/ less added "moving parts" complexity + room 4 breakdown)
---
D. ) Hosts files yield more:
1.) Speed (blocks ads & hardcodes fav sites - faster than remote DNS)
2.) Security (vs. malicious domains serving mal-content + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets)
4.) Anonymity (vs. dns request logs + DNSBL's).
---
E.) Hosts do MORE with less (1 file)
---
F.) Hosts operate @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization).
---
G.) Addons are more complex & ARE EASILY DETECTABLE BY NATIVE BROWSER METHODS - hosts are not!
---
H.) Addons slowup browsers & in message passing (use a few concurrently - you'll see)
---
I.) Addons> slowdown SLOWER usermode browserslayering on MORE - & bloating memory consumption too + hugely excessive CPU usage (4++gb extra in FireFox https://blog.mozilla.org/nnethercote/2014/05/14/adblock-pluss-effect-on-firefoxs-memory-usage/ [mozilla.org])
---
* SO - Instead?
I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)
APK
P.S.=> "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"...apk (blocks ads (A tightly integrated /b itself)... apk
(Score: 2) by LookIntoTheFuture on Tuesday June 17 2014, @01:37PM
Not Soylentnews too! Get the hell out of here!
(Score: 0) by Anonymous Coward on Tuesday June 17 2014, @07:14PM
I never post where this doesn't apply - & you're more than welcome to prove me wrong on that, + the points about it I extoll: Good luck, you'll need it.
APK
P.S.=> I know you can't so the best you've got is your bogus downmods, nothing more (& if you think that "fools anyone" doing those bogus downmods of yours? You're the fool...)... apk
(Score: 0) by Anonymous Coward on Tuesday June 17 2014, @07:40PM
The post is about malware, if I block access to them & their servers (hence their malware) using my app then how can you justify the downmod? This does that http://soylentnews.org/comments.pl?sid=2401&cid=56202 [soylentnews.org]
APK
P.S.=> Answer that... apk
(Score: 0) by Anonymous Coward on Wednesday June 18 2014, @10:02PM
...and so it begins
the great pasting of duplicate /. posts
if... wait, what am i saying... when you start pasting your much beloved "tRoLl ReVeRsAl ScRiPt", see if you can manage to avoid the python indentation bug that i had to point out to you repeatedly before you eventually figured it out, and then blamed /.
and no, apk... exception handlers aren't meant for catching bugs.
(Score: 0) by Anonymous Coward on Thursday June 19 2014, @01:54AM
LOL, did I say they were? They're for stopping abends. You ran "forrest" 2x here http://soylentnews.org/comments.pl?sid=2401&cid=56617 [soylentnews.org] & here too http://soylentnews.org/comments.pl?sid=2401&cid=56595 [soylentnews.org]
* :)
(By the way - the FUNNIEST PART of the dolt who *tried* to say my idents were wrong LACKED THEM COMPLETELY IN HIS POST regarding that - hilarious, & the /. forums engine does make mistakes in MANY things, including indents (& adding things to the ends of posts people never posted either...)).
Better luck next time, chump!
APK
P.S.=> So, how was I 'off topic' (which you down moderated my original post for)? Why can't you validly disprove my points on hosts files adding more speed, security, reliability, & anonymity than ANY SINGLE BROWSER ADDON + more efficiently as well?? Keep "running", forrest (lmao)... apk
(Score: 0) by Anonymous Coward on Thursday June 19 2014, @07:35AM
nothing wrong with hosts files... you just suck as a salesman.
can't escape the indentation bug buddy. it's on your permanent record, along with your repeated denials of its existence and your ridiculous arguments that exception handlers are for catching bugs.
keep it up though :-)
(Score: 0) by Anonymous Coward on Thursday June 19 2014, @01:20PM
I'M NOT SELLING ANYTHING - my app's free, fool! Bug? For a "bug", how come my code works?? Why did /. put extra material @ the end of my posts I never typed in??? Why did the dolt who *tried* to bother me on that have NO INDENTS @ ALL ON HIS EXAMPLES of Python????
* Answer those questions!
APK
P.S.=> Do yourself a favor - keep TROLLING (harassing others) - you need the practice since YOU totally suck @ it... apk
(Score: 2) by Popeidol on Tuesday June 24 2014, @09:19AM
You're posting on articles about how you shouldn't download unknown software, and saying it can be fixed by downloading an unknown piece of software.
Do you see how that might not be the best technique? Accompanying it with text that reads half way between spam and the guy from Timecube [timecube.com] doesn't help the situation.
(Score: 2) by Tork on Tuesday June 17 2014, @03:27AM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 0) by Anonymous Coward on Tuesday June 17 2014, @04:09AM
i can has 10 dollars now?
(Score: 0) by Anonymous Coward on Wednesday June 18 2014, @02:43PM
With malware if you make it so they can't be BURNT by what they can't touch: Custom hosts files are better, by FAR, on multiple levels in efficiency + added speed, security, reliability, & anonymity than ANY single browser addon + fix DNS security redirect issues:
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 [start64.com]
(Details of hosts' benefits enumerated in link)
Summary:
---
A.) Hosts do more than:
1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775 [slashdot.org]
---
B.) Hosts add reliability vs. downed or redirected DNS
---
C.) Hosts secure vs. known malicious domains -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 [slashdot.org]
(w/ less added "moving parts" complexity + room 4 breakdown)
---
D. ) Hosts files yield more:
1.) Speed (blocks ads & hardcodes fav sites - faster than remote DNS)
2.) Security (vs. malicious domains serving mal-content + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets)
4.) Anonymity (vs. dns request logs + DNSBL's).
---
E.) Hosts do MORE with less (1 file)
---
F.) Hosts operate @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization).
---
G.) Addons are more complex & ARE EASILY DETECTABLE BY NATIVE BROWSER METHODS - hosts are not!
---
H.) Addons slowup browsers in message passing (use a few concurrently - you'll see)
---
I.) Addons> slowdown SLOWER usermode browserslayering on MORE - & bloating memory consumption too + hugely excessive CPU usage (4++gb extra in FireFox https://blog.mozilla.org/nnethercote/2014/05/14/adblock-pluss-effect-on-firefoxs-memory-usage/ [mozilla.org])
---
* SO - Instead?
I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)
APK
P.S.=> "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"...apk (blocks ads (A tightly integrated /b itself)... apk
(Score: 0) by Anonymous Coward on Saturday June 21 2014, @06:20AM
Custom hosts files are better, by FAR, on multiple levels in efficiency + added speed, security, reliability, & anonymity than ANY single browser addon + fix DNS security redirect issues:
APK Hosts File Engine 9.0++ 32/64-bit:
http://start64.com/index.php?option=com_content&view=article&id=5851:apk-hosts-file-engine-64bit-version&catid=26:64bit-security-software&Itemid=74 [start64.com]
(Details of hosts' benefits enumerated in link)
Summary:
---
A.) Hosts do more than:
1.) AdBlock ("souled-out" 2 Google/Crippled by default)
2.) Ghostery (Advertiser owned) - "Fox guards henhouse"
3.) Request Policy -> http://yro.slashdot.org/comments.pl?sid=4127345&cid=44701775 [slashdot.org]
---
B.) Hosts add reliability vs. downed DNS servers.
---
C.) Hosts add reliability vs. redirected DNS (or site redirects on websites)
---
D.) Hosts secure vs. known malicious domains -> http://tech.slashdot.org/comments.pl?sid=3985079&cid=44310431 [slashdot.org]
(w/ less added "moving parts" complexity + room 4 breakdown)
---
E.) Hosts files yield more:
1.) Speed (blocks ads & hardcodes fav sites - faster than remote DNS)
2.) Security (vs. malicious domains serving mal-content + block spam/phish & trackers)
3.) Reliability (vs. downed or Kaminsky redirect vulnerable DNS, 99% = unpatched vs. it & worst @ ISP level + weak vs FastFlux + DynDNS botnets)
4.) Anonymity (vs. dns request logs + DNSBL's).
---
F.) Hosts do MORE with less (1 file)
---
G.) Hosts operate @ a faster level (ring 0) vs redundant browser addons (slowing up slower ring 3 browsers) via filtering 4 the IP stack (coded in C, loads w/ OS, & 1st net resolver queried w\ 45++ yrs.of optimization).
---
H.) Addons are more complex & that adds breakdown potential.
---
I.) Addons ARE EASILY DETECTABLE BY NATIVE BROWSER METHODS - hosts are not!
---
J.) Addons slowup browsers in message passing (use a few concurrently - you'll see)
---
K.) Addons slowdown SLOWER usermode browserslayering on MORE - & bloating memory consumption too + hugely excessive CPU usage (4++gb extra in FireFox https://blog.mozilla.org/nnethercote/2014/05/14/adblock-pluss-effect-on-firefoxs-memory-usage/ [mozilla.org])
---
* So - Instead?
I work w/ what you have in kernelmode, via hosts (A tightly integrated PART of the IP stack itself)
APK
P.S.=> "The premise is, quite simple: Take something designed by nature & reprogram it to make it work FOR the body, rather than against it..." - Dr. Alice Krippen "I AM LEGEND"...apk (blocks ads (A tightly integrated /b itself)... apkmessage passing