A recent paper on paying experimental subjects to run potential malware is here [pdf]. Hat tip Bruce Schneier. Money quote (and I mean money):
We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.
From Wired Magazine, this excellent portrait of DuQu. Bottom line: it’s doing active reconnaissance on cyber systems and it’s as sophisticated as Stuxnet. The implication of the article seems to be that DuQu is setting up for a future cyber attack, learning about specific systems architectures and transmitting that information…somewhere.
In a positive way. Here’s John Markoff’s piece in the NYT. Here’s the teaser:
A small group of Internet security specialists gathered in Singapore this week to start up a global system to make e-mail and e-commerce more secure, end the proliferation of passwords and raise the bar significantly for Internet scam artists, spies and troublemakers.