Chris Grier
Vern Paxson
ABSTRACT
In this work we present a characterization of spam on Twitter. We find that 8% of 25 million URLs posted to the site point to phishing, malware, and scams listed on popular blacklists. We analyze the accounts that send spam and find evidence that it originates from previously legitimate accounts that have been compromised and are now being puppeteered by spammers. Using clickthrough data, we analyze spammers' use of features unique to Twitter and the degree that they affect the success of spam. We find that Twitter is a highly successful platform for coercing users to visit spam pages, with a clickthrough rate of 0.13%, compared to much lower rates previously reported for email spam. We group spam URLs into campaigns and identify trends that uniquely distinguish phishing, malware, and spam, to gain an insight into the underlying techniques used to attract users.
Given the absence of spam filtering on Twitter, we examine whether the use of URL blacklists would help to significantly stem the spread of Twitter spam. Our results indicate that blacklists are too slow at identifying new threats, allowing more than 90% of visitors to view a page before it becomes blacklisted. We also find that even if blacklist delays were reduced, the use by spammers of URL shortening services for obfuscation negates the potential gains unless tools that use blacklists develop more sophisticated spam filtering.
- }}D. Anderson, C. Fleizach, S. Savage, and G. Voelker. Spamscatter: Characterizing internet scam hosting infrastructure. In USENIX Security, 2007. Google Scholar
Digital Library
- }}M. Cha, H. Haddadi, F. Benevenuto, and K. Gummadi. Measuring User Influence in Twitter: The Million Follower Fallacy. In Proceedings of the 4th International Conference on Weblogs and Social Media, 2010.Google Scholar
- }}A. Chowdhury. State of Twitter spam. http://blog.twitter.com/2010/03/state-of-twitter-spam.html, March 2010.Google Scholar
- }}F-Secure. Twitter now filtering malicious URLs. http://www.f-secure.com/weblog/archives/00001745.html, 2009.Google Scholar
- }}R. Flores. The real face of Koobface. http://blog.trendmicro.com/the-real-face-of-koobface/, August 2009.Google Scholar
- }}Google. Google safebrowsing API. http://code.google.com/apis/safebrowsing/, 2010.Google Scholar
- }}D. Harvey. Trust and safety. http://blog.twitter.com/2010/03/trust-and-safety.html, March 2010.Google Scholar
- }}D. Ionescu. Twitter Warns of New Phishing Scam. http://www.pcworld.com/article/174660/twitter_warns _of_new_phishing_scam.html, October 2009.Google Scholar
- }}D. Irani, S. Webb, and C. Pu. Study of static classification of social spam profiles in MySpace. In Proceedings of the 4th International Conference on Weblogs and Social Media, 2010.Google Scholar
- }}J. John, A. Moshchuk, S. Gribble, and A. Krishnamurthy. Studying spamming botnets using Botlab. In Usenix Symposium on Networked Systems Design and Implementation (NSDI), 2009. Google ScholarDigital Library
- }}C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. Spamalytics: An empirical analysis of spam marketing conversion. In Proceedings of the 15th ACM Conference on Computer and Communications Security, pages 3--14. ACM, 2008. Google ScholarDigital Library
- }}H. Kwak, C. Lee, H. Park, and S. Moon. What is Twitter, a social network or a news media? In Proceedings of the International World Wide Web Conference, 2010. Google ScholarDigital Library
- }}K. Lee, J. Caverlee, and S. Webb. Uncovering social spammers: Social honeypots + machine learning. In Proceeding of the SIGIR conference on Research and Development in Information Retrieval, pages 435--442, 2010. Google ScholarDigital Library
- }}R. McMillan. Stolen Twitter accounts can fetch $1,000. http://www.computerworld.com/s/article/9150001/Stolen_ Twitter_accounts_can_fetch_1_000, 2010.Google Scholar
- }}B. Meeder, J. Tam, P. G. Kelley, and L. F. Cranor. RT @IWantPrivacy: Widespread violation of privacy settings in the Twitter social network. In Web 2.0 Security and Privacy, 2010.Google Scholar
- }}J. O'Dell. Twitter hits 2 billion tweets per month. http://mashable.com/2010/06/08/twitter-hits-2-billion- tweets-per-month/, June 2010.Google Scholar
- }}A. Pitsillidis, K. Levchenko, C. Kreibich, C. Kanich, G. Voelker, V. Paxson, N. Weaver, and S. Savage. Botnet Judo: Fighting spam with itself. 2010.Google Scholar
- }}Z. Qian, Z. Mao, Y. Xie, and F. Yu. On network-level clusters for spam detection. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2010.Google Scholar
- }}M. Sahami, S. Dumais, D. Heckerman, and E. Horvitz. A Bayesian approach to filtering junk e-mail. In Learning for Text Categorization: Papers from the 1998 workshop. Madison, Wisconsin: AAAI Technical Report WS-98-05, 1998.Google Scholar
- }}E. Schonfeld. When it comes to URL shoteners, bit.ly is now the biggest. http://techcrunch.com/2009/05/07/when-it- comes-to-url-shorteners-bitly-is-now-the-biggest/, May 2009.Google Scholar
- }}K. Thomas and D. M. Nicol. The Koobface botnet and the rise of social malware. Technical report, University of Illinois at Urbana-Champaign, July 2010. https://www.ideals.illinois.edu/handle/2142/16598.Google Scholar
- }}Twitter. The Twitter rules. http://help.twitter.com/forums/26257/entries/18311, 2009.Google Scholar
- }}URIBL. URIBL.COM -- realtime URI blacklist. http://uribl.com/, 2010.Google Scholar
- }}Y. Wang, M. Ma, Y. Niu, and H. Chen. Spam double-funnel: Connecting web spammers with advertisers. In Proceedings of the International World Wide Web Conference, pages 291--300, 2007. Google ScholarDigital Library
- }}J. Wein. Joewein.de LLC -- fighting spam and scams on the Internet. http://www.joewein.net/.Google Scholar
- }}C. Wisniewski. Twitter hack demonstrates the power of weak passwords. http://www.sophos.com/blogs/chetw/g/2010/03/07/twitter- hack-demonstrates-power-weak-passwords/, March 2010.Google Scholar
- }}Y. Xie, F. Yu, K. Achan, R. Panigrahy, G. Hulten, and I. Osipkov. Spamming botnets: Signatures and characteristics. Proceedings of ACM SIGCOMM, 2008. Google ScholarDigital Library
Index Terms
- @spam: the underground on 140 characters or less
Recommendations
Spam filtering in twitter using sender-receiver relationship
RAID'11: Proceedings of the 14th international conference on Recent Advances in Intrusion DetectionTwitter is one of the most visited sites in these days. Twitter spam, however, is constantly increasing. Since Twitter spam is different from traditional spam such as email and blog spam, conventional spam filtering methods are inappropriate to detect ...
Towards Measuring the Role of Phone Numbers in Twitter-Advertised Spam
ASIACCS '18: Proceedings of the 2018 on Asia Conference on Computer and Communications SecurityThe telephony channel has become an attractive target for cyber criminals, who are using it to craft a variety of attacks. In addition to delivering voice and messaging spam, this channel is also being used to lure victims into calling phone numbers ...
TrackBack spam: abuse and prevention
CCSW '09: Proceedings of the 2009 ACM workshop on Cloud computing securityContemporary blogs receive comments and TrackBacks, which result in cross-references between blogs. We conducted a longitudinal study of TrackBack spam, collecting and analyzing almost 10 million samples from a massive spam campaign over a one-year ...
Comments