Russian chatbot fools users into divulging information

December 15, 2007

A program that can mimic online flirtation to extract personal information from its unsuspecting conversation partners is making the rounds in Russian chat forums, according to security software firm PC Tools. Named "CyberLover", the automated chat program is supposedly good enough that victims have a tough time distinguishing the "bot" from a real potential suitor. The software can work quickly, establishing up to 10 relationships in 30 minutes. It compiles a report on every person it meets complete with name, contact details, and photographs, should this information be provided by the target.[1]

A spokesman for PC Tools said the program had a "terrifyingly well-organized" interaction that could fool users into giving up personal details and could easily be converted to work in other languages. "As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering," Sergei Shevchenko, Senior Malware Analyst at PC Tools, said in a statement. "It employs highly intelligent and customized dialogue to target users of social networking systems." The program can monitor Internet browser activity, automatically recognize and fill in the fields in the web pages, generate keystrokes and mouse clicks, and post messages, URLs, files and photos. "It can do exactly what users normally do when they are online, only in an automated pre-programmed way."[2]

Security software company PC Tools warns that the bot can easily be tailored for malicious purposes. The company said that the program's ability to mimic human behavior to dupe chatters is worrisome. "CyberLover has been designed as a bot that lures victims automatically, without human intervention. If it's spawned in multiple instances on multiple servers, the number of potential victims could be very substantial."[3]

Among CyberLover's creepy features is its ability to offer a range of different profiles from "romantic lover" to "sexual predator". It can also lead victims to a personal web site, which could ultimately be used to deliver malware.[1]

The bot's use so far has been limited to Russian sites.[4]

1. "Chat bots latest Russian malware threat", Reuters, December 10, 2007

2. "Russian computer program fakes chatroom flirting", Reuters, December 13, 2007

3. "Hot, sexy bot sweet-talks personal data out of chatters", Ars Technica, December 14, 2007

4. "Flirty Chat-Room 'Bot' Out to Steal Your Identity", Fox News, December 12, 2007