The Koobface botnet and the rise of social malware?

Kurt Thomas, David M. Nicol

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

As millions of users flock to online social networks, sites such as Facebook and Twitter are becoming increasingly attractive targets for spam, phishing, and malware. The Koobface botnet in particular has honed its efforts to exploit social network users, leveraging zombies to generate accounts, befriend victims, and to send malware propagation spam. In this paper, we explore Koobface's zombie infrastructure and analyze one month of the botnet's activity within both Facebook and Twitter. Constructing a zombie emulator, we are able to infiltrate the Koobface botnet to discover the identities of fraudulent and compromised social network accounts used to distribute malicious links to over 213,000 social network users, generating over 157,000 clicks. Despite the use of domain blacklisting services by social network operators to filter malicious links, current defenses recognize only 27% of threats and take on average 4 days to respond. During this period, 81% of vulnerable users click on Koobface spam, highlighting the ineffectiveness of blacklists.

Original languageEnglish (US)
Title of host publicationProceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010
Pages63-70
Number of pages8
DOIs
StatePublished - 2010
Event5th International Conference on Malicious and Unwanted Software, Malware 2010 - Nancy, France
Duration: Oct 19 2010Oct 20 2010

Publication series

NameProceedings of the 5th IEEE International Conference on Malicious and Unwanted Software, Malware 2010

Other

Other5th International Conference on Malicious and Unwanted Software, Malware 2010
Country/TerritoryFrance
CityNancy
Period10/19/1010/20/10

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'The Koobface botnet and the rise of social malware?'. Together they form a unique fingerprint.

Cite this