TY - GEN
T1 - It's all about the Benjamins
T2 - 15th International Conference on Financial Cryptography and Data Security, FC 2011
AU - Christin, Nicolas
AU - Egelman, Serge
AU - Vidas, Timothy
AU - Grossklags, Jens
PY - 2012
Y1 - 2012
N2 - We examine the cost for an attacker to pay users to execute arbitrary code-potentially malware. We asked users at home to download and run an executable we wrote without being told what it did and without any way of knowing it was harmless. Each week, we increased the payment amount. Our goal was to examine whether users would ignore common security advice-not to run untrusted executables-if there was a direct incentive, and how much this incentive would need to be. We observed that for payments as low as $0.01, 22% of the people who viewed the task ultimately ran our executable. Once increased to $1.00, this proportion increased to 43%. We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.
AB - We examine the cost for an attacker to pay users to execute arbitrary code-potentially malware. We asked users at home to download and run an executable we wrote without being told what it did and without any way of knowing it was harmless. Each week, we increased the payment amount. Our goal was to examine whether users would ignore common security advice-not to run untrusted executables-if there was a direct incentive, and how much this incentive would need to be. We observed that for payments as low as $0.01, 22% of the people who viewed the task ultimately ran our executable. Once increased to $1.00, this proportion increased to 43%. We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience.
KW - Behavioral Economics
KW - Human Experiments
KW - Online Crime
UR - http://www.scopus.com/inward/record.url?scp=84857094491&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-27576-0_2
DO - 10.1007/978-3-642-27576-0_2
M3 - Conference contribution
AN - SCOPUS:84857094491
SN - 9783642275753
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 16
EP - 30
BT - Financial Cryptography and Data Security - 15th International Conference, FC 2011, Revised Selected Papers
Y2 - 28 February 2011 through 4 March 2011
ER -