The Social Graph of Malware

Speaking informally, your full social network includes all of the people you are come in contact with. These contacts are of varying degrees and flavors, of course, and some relationships are reciprocal and some are not.

These relationships can be diagrammed — creating a network graph — a visual representation of the individuals and relationships in the social network. In this case a social graph of relationships among people. The people are represented as dots or small circles (technically nodes in a graph), and the relationships or ties that bind them are represented by lines connecting them. In the first diagram you can see that individual “A” knows a number of people, including one labeled “B.” “B” happens to know “C” who knows a whole bunch of other people.

If you take any node individually, the nodes that are directly connected to it by lines, taken as a group, constitute its social network. For example, the diagram shows ovals that contain the network of “A” and the network of “C.” The unlabeled nodes also can be thought of as networks, and the nodes and connections can obviously get quite complex — in fact they can rapidly get so visually complex that it’s difficult to make any sense out of a graph at all. For this reason, we are really glad we have computers — a computer can store the nodes and connections internally and can compute various measures of complexity for these social networks. One example of a measure of complexity or metric that you’re probably already of is degrees of separation (or connectedness for that matter). [See the theory of six degrees of separation and Stanley Milgram, who conducted the small-world-experiment which led to this theory.]

What is relevant here to malware is that some types spread only because of the degree of trust and connection between or among people and groups of people. Without this trust, many types of malware simply could not spread.

In this diagram, “A” has become infected by a particular virus. The virus spreads to “A” acquaintances, including “B.” “B” is then a potential route to “C’s” network, but only if “C” trusts “B” enough to take the action that is required in order to spread the virus.

Although many viruses spread in the wild today by automated techniques, many more depend upon the opening of an attached file, or downloading of a file, or going to a spoofed web site that contains malware just waiting to attack through the browser. Without some degree of trust, these would never spread.