Understanding the behavior of malicious applications in social networks

Authors:
Andreas Makridakis;Elias Athanasopoulos;Spiros Antonatos;Demetres Antoniades;Sotiris Ioannidis;Evangelos P. Markatos
Affiliations:
Foundation for Research & Technology Hellas;Foundation for Research & Technology Hellas;Foundation for Research & Technology Hellas;Foundation for Research & Technology Hellas;Foundation for Research & Technology Hellas;Foundation for Research & Technology Hellas
Venue:
IEEE Network: The Magazine of Global Internetworking
Year:
2010

Citing 12
Cited 0

Information revelation and privacy in online social networks

Proceedings of the 2005 ACM workshop on Privacy in the electronic society
Why phishing works

Proceedings of the SIGCHI Conference on Human Factors in Computing Systems
Group formation in large social networks: membership, growth, and evolution

Proceedings of the 12th ACM SIGKDD international conference on Knowledge discovery and data mining
Puppetnets: misusing web browsers as a distributed attack infrastructure

Proceedings of the 13th ACM conference on Computer and communications security
Analysis of topological characteristics of huge online social networking services

Proceedings of the 16th international conference on World Wide Web
Social phishing

Communications of the ACM
Measurement and analysis of online social networks

Proceedings of the 7th ACM SIGCOMM conference on Internet measurement
Antisocial Networks: Turning a Social Network into a Botnet

ISC '08 Proceedings of the 11th international conference on Information Security
Social networks and context-aware spam

Proceedings of the 2008 ACM conference on Computer supported cooperative work
All your contacts are belong to us: automated identity theft attacks on social networks

Proceedings of the 18th international conference on World wide web
Eight friends are enough: social graph approximation via public listings

Proceedings of the Second ACM EuroSys Workshop on Social Network Systems
Prying Data out of a Social Network

ASONAM '09 Proceedings of the 2009 International Conference on Advances in Social Network Analysis and Mining

Quantified Score

Hi-index	0.01

Visualization

Abstract

The World Wide Web has evolved from a collection of static HTML pages to an assortment of Web 2.0 applications. Online social networking in particular is becoming more popular by the day since the establishment of SixDegrees in 1997. Millions of people use social networking web sites daily, such as Facebook, My-Space, Orkut, and LinkedIn. A side-effect of this growth is that possible exploits can turn OSNs into platforms for malicious and illegal activities, like DDoS attacks, privacy violations, disk compromise, and malware propagation. In this article we show that social networking web sites have the ideal properties to become attack platforms. We introduce a new term, antisocial networks, that refers to distributed systems based on social networking web sites which can be exploited to carry out network attacks. An adversary can take control of a visitor's session by remotely manipulating their browsers through legitimate web control functionality such as image-loading HTML tags, JavaScript instructions, and Java applets.