Researchers are Carnegie Mellon University have discovered that the easiest way to get people to install malicious software would be to pay them to do it. Of course, this doesn’t involve telling the intended victims that the software is infected and will do harm to their systems. The study discovered that as many as 64 percent of people are willing to install just about anything on their computer for a minuscule amount of money.
The researchers set up their experiment by using a open source freelancing service known as the Mechanical Turk, which allows people to do menial tasks that cannot be automated for a small amount of money in return. The study involved asking strangers to install programmes onto their computers, after which they would be paid an amount of money ranging between US$0.01 and US$1.00.
While it is no surprise that 64 percent of those viewed the project were more than happy to install the software for US$1; it is very disturbing to note that 45 percent of respondents installed the software for only US$0.01. These respondents were also required to fill in a survey about online security after the task, and some 70 percent of the respondents admitted that they were aware of the dangers of installing unknown software.
This study focussed on the potential for this method to distribute malware to create large scale botnets, as these computer networks are capable of generating revenue for those running them. The study concludes that if the inconvenience is low enough, people will have little reason to comply with security warnings.
[Source: Carnegie Mellon University]