Watch out next time you’re flirting on online dating sites and in chat-rooms – you could be chatting up a virus called CyberLover, which conducts fully-automated, suggestive conversations with users, luring them to malicious websites or convincing them to share their identity.
Developed in Russia, the virus can establish a new relationship with up to 10 partners in just 30 minutes and its victims cannot distinguish it from a human being. According to IT researchers PC Tools, who are making CyberLover public, the program’s ability to mimic human behaviour during online interactions is uncanny.
According to PC Tools, CyberLover represents a new breed of software that can easily be used for malicious purposes, signalling a dangerous new trend in malware evolution.
“As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” says PC Tools senior malware analyst, Sergei Shevchenko.
“It employs highly intelligent and customised dialogue to target users of social networking systems.”
Shevchenko says internet users today are generally aware of the dangers of opening suspicious attachments and visiting unusual URLs, but CyberLover employs a new technique that is unheard of.
“That’s what makes it particularly dangerous,” he said.
“CyberLover has been designed as a bot [robot] that lures victims automatically, without human intervention. If it’s spawned in multiple instances on multiple servers, the number of potential victims could be very substantial.”
The CyberLover software offers a variety of profiles ranging from “romantic lover” to “sexual predator”, and uses a series of easily configurable “dialogue scenarios” with preprogrammed questions and discussion topics. It can also recognise the responses of chat-room users to tailor its interaction accordingly. It compiles a detailed report on every person it meets and submits it to a remote source; the reports contain confidential information that the victim has shared with the bot, which can include the victim’s name, contact details and personal photo(s).
The bot can invite victims to visit a “personal” website or blog which could in fact be a fake page used to automatically infect visitors with malware.