The Use of Psychology and Software Design to 
Disguise Malware 
Brian Horch 
October 30, 2019 
123 Sesame Street 
(555) 123-4567 
fakeemail@fake.edu 
   
Summary 
 
This study aims to understand the psychology behind how trojan horse-style malware 
disguises itself. It will do so through an analysis of the malware itself and a study where 
people attempt to identify a certain piece of software or website as a potential trojan 
horse. Both of these tasks combined will require ten weeks to complete and will require 
only my participation over the duration of them. Since I specialize within the field of 
software development through courses such as Introduction to Software Engineering 
and Mechanics of Programming, I am capable of understanding how benign software 
behaves and then comparing it to the behavior of trojan horses.  
 
Introduction 
 
This interdisciplinary study aims to identify the psychological methods that trojan 
horses use to disguise themselves. Trojan horses can be identified by either people or 
anti-malware software. Since there has been much research done by developers of 
anti-malware software on how to identify trojan horses with their products, the study 
will instead focus on how trojan horses deceive people. By focusing on this aspect, the 
study will seek to create a list of potential traits that distinguish a trojan horse from a 
piece of benign software.  
 
To do this I shall first analyze as many samples of trojan horses as possible, alongside 
similar-appearing benign software, to find the common differences between them. 
After I have compiled a list, I will then pick and create examples of trojan-benign pairs 
that emphasize a specific difference. Then I will create a sub-study where people will be 
tasked with determining whether a piece of software is either a trojan horse or simply 
benign. By using this data, along with the previously compiled list, I can create 
educational materials to help people guard against trojan horse software.  
 
The idea for this study came about by comparing trojan horses to false advertising. The 
two are similar in that they make their best efforts to appear genuine until it is too late. 
There has been much research into how false advertising works psychologically and 
how to avoid it, but very little into similar concepts with respect to trojan horses. 
Therefore, I will be able to contribute to the prevention of malware attacks by doing 
this study. On a more personal note, this study will grant me insight into the human 
side of the field of computer security that will supplement my previous coursework 
within the field of software development. 
 
Methodology 
 
The study itself will be split into two distinct parts. The first part is analyzing trojan 
horses. The analysis will be done in three distinct manners. The first is studying the 
source of the malware. This would entail scrutinizing websites that host the malware, 
phishing emails with links to said malware, and other means of transmission. The other 
two forms of analysis will be analyzing the software’s behavior from both human and 
code perspectives. The analysis of the software’s code will be kept to a minimum since 
it will only serve to contextualize the other two forms of analysis. The analyses of the 
software’s source and outward behavior will be done in comparison to benign software 
that has similar functionality to that of what the malware is trying to imitate. In 
addition, special attention will be given to any psychological techniques that are used 
by the trojan horse to appear less suspicious or more desirable than the benign 
counterpart. 
 
In order to perform these analyses, I will utilize both low-cost and specialized 
computer hardware. The low-cost hardware will be used to analyze the sources of the 
malware. The reason that more advanced hardware will not be used is to mitigate risk. 
There is little risk if a $20 computer with no personal information or unnecessary 
software is compromised. However, I will still take precautions to prevent infections. 
For the direct analysis of the malware (both the code and human aspects), I will use 
laboratory-grade hardware to prevent the malware from doing any harm while 
simulating a normal computer. 
 
The second part of this study is a more traditional psychological study where 
participants will be asked to try and identify whether or not websites contain malware 
and if a given piece of software is a trojan horse. Participants will be found through 
advertising on campus. Each participant will be given a series of websites and pieces of 
software, where both the contents and the order in which they are displayed will be 
determined randomly. The sample websites and software will be creations based on the 
prior analyses and sanitized examples that embody one method of deception or a 
specific combination of multiple. The participant will only be told the correctness of 
their choices after they have completed the entire study. The results will then be 
analyzed to see which of the observed methodologies are effective and will inform the 
overall results and conclusions of the study. 
 
Materials 
 
To begin with I will need samples of trojan horses. These will simply be found online 
and through public record. 
 
For the analysis portion of the study I will need a fresh, disposable computer and a 
laboratory capable of simulating a nondescript internet-connected computer while 
having said computer be isolated. The former is fairly easy to obtain; something akin to 
a Raspberry Pi with a free and lightweight distribution of Linux will suffice. For the latter, 
however, I will need to use university resources. In addition, I will also need to 
supplement university hardware with specialized hardware that allows for me to 
simulate an internet connection and other parameters to fool the malware into acting 
as if it were on a normal computer. In addition I will need professional grade analysis 
tools to analyze the malware’s code as it is running in real time as well as to sterilize the 
malware for the second portion. 
 
For the second portion I will need access to a computer lab and participants. I will also 
need sample malware and sources to show to the participants. Those will either be 
sterilized versions of acquired samples or creations of my own design. I will also need 
some form of compensation for the participants within the study. 
 
Schedule of Work 
 
The schedule will be as follows: 
Week 1: Acquire samples of trojan horses and the necessary hardware 
Weeks 2 and 3: Begin analysis of malware with respect to the benign software 
Week 4: Finish analysis of malware and compile a list of methodologies. Begin 
advertising for study 
Week 5: Meet with advisor to go over analysis results and begin preparing examples 
for the study 
Week 6: Continue preparing examples for the study 
Week 7: Host the study and meet with advisor to go over initial results 
Weeks 8 and 9: Compile results and begin working on reports and sample 
educational materials 
Week 10: Finish formal report and create presentation of results 
 
Budget 
 
The budget will be as follows: 
● $250 Comparison study compensation 
● $1,250 Software/Lab use 
● $2,000 Additional specialty computer hardware (i.e. Internet connection simulator) 
● $8,000 Compensation 
● $500 Set aside for unforeseen expenses  
 
Biographical Background 
 
Dr. Based on a Real Person 
 
Dr. Based on a Real Person is currently a faculty member at Rochester Institute of 
Technology. They have an interest and specialization within the fields of human 
interaction within complex systems and decision-making while under time pressure. 
They currently serve as an associate professor within the Department of Psychology 
and as an Affiliate of the Center for Cybersecurity. They have created numerous 
publications, many of which are conference proceedings within the Human Factors and 
Ergonomics Society, including one recently accepted for publication analyzing data 
science from a more human perspective. With their background in both psychological 
and technical fields, Dr. Person is uniquely qualified to advise this project. 
 
Brian Horch 
 
I am currently a second-year student at Rochester Institute of Technology. I am 
majoring in computer science and plan to minor in mathematics, and I plan to graduate 
in December 2022. Through my coursework within computer science, such as the 
classes Mechanics of Programming and Introduction to Software Engineering, I have 
found that it is very easy to create software that is opaque and hard for a user to 
comprehend. This has led me to take an interest in two fields, making software easier to 
use for the average person and how people utilize this for malicious purposes. As such, 
being able to do this project will allow me to benefit both of the aforementioned fields. 
 
Conclusion 
 
With this study, I aim to help prevent cyberattacks that could otherwise cause people’s 
personal data to be compromised or have even worse outcomes. Without funding, this 
study would be nearly impossible to do. I cannot guarantee that any analysis of malware 
will be safe without specialized hardware and software, both of which require funding. 
In addition, the study will result in the direct creation of educational materials to help 
inform people about warning signs. This creates a direct, positive impact without the 
need for additional work. Therefore, this study should be funded for the sake of 
improving the field of cybersecurity as a whole. 
