Social engineering meets behavioral economics

A recent paper on paying experimental subjects to run potential malware is here [pdf]. Hat tip Bruce Schneier. Money quote (and I mean money):

We show that as the price increased, more and more users who understood the risks ultimately ran the code. We conclude that users are generally unopposed to running programs of unknown provenance, so long as their incentives exceed their inconvenience. 

Stuxnet II is out there….

From Wired Magazine, this excellent portrait of DuQu. Bottom line: it’s doing active reconnaissance  on cyber systems and it’s as sophisticated as Stuxnet. The implication of the article seems to be the DuQu is setting up for a future cyber attack, learning about specific systems architectures and transmitting that information…somewhere.