Methusela Cebrian Ferrer Microsoft
In today's threat landscape there is an interesting phenomenon to observe whereby an infection vector is created by a user's increasing 'online waste'.
Abandoned, unmanaged and forgotten websites, profiles, content, and projects are evident traces of human affairs online, all of which are the direct effect of a user's behaviour, which is often perceived as harmless. However, from the viewpoint of malicious actors, this presents as an opportunity. Thus, an understanding of the impact and implications of this online waste is equally as important as it is for any waste that we leave behind in the physical space.
This paper discusses and explores the underlying factors influencing malware distribution. From the intended to unintended generation of online waste, we inquire and navigate the opportunity-generating mechanism that this waste creates. Through a real-world scenario, we attempt to examine and understand how this opportunity-generating mechanism works as a chain and process that exposes any user or system to the risk of malicious code infection. This paper offers the opportunity to explore a new perspective of the threat landscape, and while it hopes to provide clarity on this issue, the paper also highlights challenges and limitations when identifying and preventing threats that arise from a growing volume of detritus online.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.
The full programme for VB2013, including abstracts for each paper, can be viewed here.