Virus Bulletin 2006


A contingent from our antimalware team attended the Virus Bulletin conference in Montreal, Canada, two weeks ago, 12 of us in all. Matt Braverman and I were both presenters, and I also moderated a panel discussing progress made by the Anti-Spyware Coalition.


My paper entitled “I Know What You Did Last Logon” was a look into monitoring software from the perspective of privacy and the boundaries of appropriate versus inappropriate use for such technology.  I examined this from several angles including a discussion of several court cases that illustrate both sides of the discussion.  I also drilled into several pieces of malware for a more detailed discussion of the technical methods employed by monitoring software.


Matt’s paper, entitled “Behavioral Modeling of Social Engineering-Based Malicious Software”, focuses on malware that leverages social engineering to infect a computer. It reviews techniques used both in the past and present and uses up-to-date data from the MSRT to differentiate those social engineering techniques which have been particularly successful. For example, we’ve found that using “generic conversation” techniques in an email seems to be one of the most effective ways to get a user to execute an attachment to that email. Such techniques usually leverage short email subjects and bodies (e.g. “Here is that document you asked for”) to try to replicate conversations that may have occurred “in real life” between the email recipient and the sender whom the email may spoof.


Copies of both papers are now available through the download center. Let us know what you think.


— Jeff Williams
Security Research & Response


Comments (2)

  1. Anonymous says:

    Jeff Williams and Matt Braverman, of the Microsoft Anti-Malware Engineering Team, attended the Virus

  2. Phylyp says:

    My dad is often confused when he receives email viruses that try to use social engineering techniques to get it installed.

    I found Matt’s paper a well-written source that I’ve passed on to him, to help identify common techniques.

    Thanks, Matt!