Warning to Social Network Users: Beware of Flirting Bots

CyberLover malware mimics males and female to steal personal data.

by / December 12, 2007

A new malware has been uncovered which was developed in Russia that flirts with females or males seeking relationships online in order to collect their personal data.

The software, CyberLover, can conduct fully automated flirtatious conversations with users of chat-rooms and dating sites to lure them into a set of dangerous actions such as sharing their identity or visiting Web sites with malicious content.

According to its creators, CyberLover can establish a new relationship with up to ten partners in just 30 minutes and its victims cannot distinguish it from a human being.

PC Tools is concerned about the program's ability to mimic human behavior during online interactions and urges Internet users to beware of this new breed of software that can easily be used for malicious purposes. The concept behind this software could be the catalyst for a dangerous new trend in malware evolution.

"As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering," says Sergei Shevchenko, Senior Malware Analyst at PC Tools. "It employs highly intelligent and customized dialogue to target users of social networking systems."

"Internet users today are generally aware of the dangers of suspicious attachments and URLs they receive, the documents they open or the Web sites they visit, but CyberLover employs a new technique that is unheard of -- and that's what makes it particularly dangerous."

"CyberLover has been designed as a bot that lures victims automatically, without human intervention. If it's spawned in multiple instances on multiple servers, the number of potential victims could be very substantial," says Shevchenko.

According to researchers, the CyberLover software:

  • Offers a variety of profiles ranging from 'romantic lover' to 'sexual predator;'
  • Uses a series of easily configurable "dialogue scenarios" with pre-programmed questions and discussion topics;
  • Is designed to recognize the responses of chat-room users to tailor its interaction accordingly;
  • Compiles a detailed report on every person it meets and submits then to a remote source -- the reports contain confidential information that the victim has shared with the bot, which can include the victim's name, contact details and personal photo(s);
  • Invites victims to visit a "personal" Web site or blog which could in fact be a fake page used to automatically infect visitors with malware.

Though Cyberlover is currently targeting Russian Web sites, social networkers and online daters in the U.S. are urged to stay alert to unusual activity credited to programs like CyberLover.

To protect themselves Internet users should:

  • Never give your personal details to anyone over the Internet.
  • Consider using aliases/fake names on social networking sites and when chatting online.
  • Carefully monitor the online behavior of your family members and educate them of the dangers.
  • Ensure you have up-to-date AntiVirus and Anti-Spyware installed, with real-time and behavioral protection.