
It's All About The Benjamins: Fair Trade botnets and incentivizing users to ignore security advice

Published

Author(s)

Serge M. Egelman, Nicolas Christin, Timothy Vidas, Jens Grossklags

Abstract

We examine the cost for an attacker to pay users to execute arbitrary code (potentially malware). We created an Amazon Mechanical Turk task wherein users were asked to download and run for an hour an executable we wrote. While this program was benign, users were not told what it did, and had no way of knowing it was harmless. Each week, we increased the payment amount. Our goal was to examine whether users would ignore commonly understood security advice (do not run untrusted executables) if there was a direct incentive for them to do so, and how much this incentive would need to be. We observed that even for payments as low as $0.01, 22% of the people who viewed the task ultimately ran our executable. Once increased to $1.00, this proportion increased to 43%. We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running malware, so long as their incentives exceed their inconvenience.
Proceedings Title
Financial Cryptography and Data Security '11
Conference Dates
February 28-March 4, 2011
Conference Location
St. Lucia

Keywords

behavioral economics, online crime, human experiments

Citation

Egelman, S., Christin, N., Vidas, T. and Grossklags, J. (2011), It's All About The Benjamins: Fair Trade botnets and incentivizing users to ignore security advice, Financial Cryptography and Data Security '11, St. Lucia (Accessed September 11, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created February 28, 2011, Updated May 4, 2021