research-article

Suspended accounts in retrospect: an analysis of twitter spam

Authors:

Vern PaxsonAuthors Info & Claims

IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

Pages 243 - 258

https://doi.org/10.1145/2068816.2068840

Published: 02 November 2011 Publication History

Abstract

In this study, we examine the abuse of online social networks at the hands of spammers through the lens of the tools, techniques, and support infrastructure they rely upon. To perform our analysis, we identify over 1.1 million accounts suspended by Twitter for disruptive activities over the course of seven months. In the process, we collect a dataset of 1.8 billion tweets, 80 million of which belong to spam accounts. We use our dataset to characterize the behavior and lifetime of spam accounts, the campaigns they execute, and the wide-spread abuse of legitimate web services such as URL shorteners and free web hosting. We also identify an emerging marketplace of illegitimate programs operated by spammers that include Twitter account sellers, ad-based URL shorteners, and spam affiliate programs that help enable underground market diversification.

Our results show that 77% of spam accounts identified by Twitter are suspended within on day of their first tweet. Because of these pressures, less than 9% of accounts form social relationships with regular Twitter users. Instead, 17% of accounts rely on hijacking trends, while 52% of accounts use unsolicited mentions to reach an audience. In spite of daily account attrition, we show how five spam campaigns controlling 145 thousand accounts combined are able to persist for months at a time, with each campaign enacting a unique spamming strategy. Surprisingly, three of these campaigns send spam directing visitors to reputable store fronts, blurring the line regarding what constitutes spam on social networks.

References

[1]

D. Anderson, C. Fleizach, S. Savage, and G. Voelker. Spamscatter: Characterizing internet scam hosting infrastructure. In USENIX Security, 2007.

Digital Library

[2]

F. Benevenuto, G. Magno, T. Rodrigues, and V. Almeida. Detecting Spammers on Twitter. In Proceedings of the Conference on Email and Anti-Spam (CEAS), 2010.

[3]

bit.ly. Spam and Malware Protection. 2009. http://blog.bit.ly/post/138381844/spam-and-malware-protection.

[4]

G. Danezis and P. Mittal. Sybilinfer: Detecting sybil nodes using social networks. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2009.

[5]

H. Gao, J. Hu, C. Wilson, Z. Li, Y. Chen, and B. Zhao. Detecting and characterizing social spam campaigns. In Proceedings of the Internet Measurement Conference (IMC), 2010.

Digital Library

[6]

C. Grier, K. Thomas, V. Paxson, and M. Zhang. @spam: the underground on 140 characters or less. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), 2010.

Digital Library

[7]

T. Holz, C. Gorecki, F. Freiling, and K. Rieck. Detection and mitigation of fast-flux service networks. In Proceedings of the 15th Annual Network and Distributed System Security Symposium (NDSS), 2008.

[8]

HootSuite. Kapow! HootSuite Fights the Evils of Phishing, Malware, and Spam. 2010. http://blog.hootsuite.com/hootsuite-fights-malware-phishing/.

[9]

C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. Spamalytics: An empirical analysis of spam marketing conversion. In Proceedings of the 15th ACM Conference on Computer and Communications Security, 2008.

Digital Library

[10]

B. Krebs. Battling the zombie web site armies. https://krebsonsecurity.com/2011/01/battling-the-zombie-web-site-armies/#more-7522, 2011.

[11]

C. Kreibich, C. Kanich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. Spamcraft: An inside look at spam campaign orchestration. In USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET), 2009.

Digital Library

[12]

K. Lee, J. Caverlee, and S. Webb. Uncovering social spammers: social honeypots machine learning. In Proceeding of the International ACM SIGIR Conference on Research and Development in Information Retrieval, 2010.

Digital Library

[13]

K. Levchenko, A. Pitsillidis, N. Chachra, B. Enright, M. Felegyhazi, C. Grier, T. Halvorson, C. Kanich, C. Kreibich, H. Liu, D. McCoy, N. Weaver, V. Paxson, G. M. Voelker, and S. Savage. Click Trajectories: End-to-End Analysis of the Spam Value Chain. In Proceedings of the IEEE Symposium on Security and Privacy, May 2011.

Digital Library

[14]

M. Motoyama, D. McCoy, K. Levchenko, S. Savage, and G. M. Voelker. Dirty jobs: The role of freelance labor in web service abuse. In Proceedings of the 20th USENIX Security Symposium, 2011.

Digital Library

[15]

A. Ramachandran, N. Feamster, and S. Vempala. Filtering spam with behavioral blacklisting. In Proceedings of the 14th ACM Conference on Computer and Communications Security, 2007.

Digital Library

[16]

S. Sinha, M. Bailey, and F. Jahanian. Shades of grey: On the effectiveness of reputation-based blacklists. In 3rd International Conference on Malicious and Unwanted Software, 2008.

[17]

J. Song, S. Lee, and J. Kim. Spam filtering in twitter using sender-receiver relationship. In Proceedings of International Symposium on Recent Advances in Intrusion Detection (RAID), 2011.

Digital Library

[18]

B. Stone-Gross, R. Abman, R. Kemmerer, C. Kruegel, D. Steigerwald, and G. Vigna. The Underground Economy of Fake Antivirus Software. In Proceedings of the Workshop on Economics of Information Security (WEIS), 2011.

[19]

G. Stringhini, C. Kruegel, and G. Vigna. Detecting Spammers on Social Networks. In Proceedings of the Annual Computer Security Applications Conference (ACSAC), 2010.

Digital Library

[20]

K. Thomas, C. Grier, J. Ma, V. Paxson, and D. Song. Design and Evaluation of a Real-time URL Spam Filtering Service. In Proceedings of the 32nd IEEE Symposium on Security and Privacy, 2011.

Digital Library

[21]

Twitter. The Twitter Rules. http://support.twitter.com/entries/18311-the-twitter-rules, 2010.

[22]

Twitter. Twitter API wiki. http://dev.twitter.com/doc, 2010.

[23]

Twitter. Numbers. http://blog.twitter.com/2011/03/numbers.html, March 2011.

[24]

Twitter. OAuth FAQ. https://dev.twitter.com/docs/auth/oauth/faq, 2011.

[25]

Twitter. Terms of service, May 2011. http://twitter.com/tos.

[26]

H. Yu, M. Kaminsky, P. Gibbons, and A. Flaxman. Sybilguard: defending against sybil attacks via social networks. ACM SIGCOMM Computer Communication Review, 2006.

Digital Library

Cited By

Aniket Agravat Umang Makwana Sahil Mehta Devashish Mondal Sushant Gawade (2024)Fake Social Media Profile Detection and Reporting Using Machine LearningInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-16695(465-470)Online publication date: 30-Mar-2024
https://doi.org/10.48175/IJARSCT-16695
NAKANO HCHIBA DKOIDE TFUKUSHI NYAGI THARIU TYOSHIOKA KMATSUMOTO T(2024)Understanding Characteristics of Phishing Reports from Experts and Non-Experts on TwitterIEICE Transactions on Information and Systems10.1587/transinf.2023EDP7221E107.D:7(807-824)Online publication date: 1-Jul-2024
https://doi.org/10.1587/transinf.2023EDP7221
Gao ZThebault-Spieker J(2024)Investigating Influential Users' Responses to Permanent Suspension on Social MediaProceedings of the ACM on Human-Computer Interaction10.1145/36373568:CSCW1(1-41)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3637356
Show More Cited By

Index Terms

Suspended accounts in retrospect: an analysis of twitter spam
1. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

@spam: the underground on 140 characters or less
CCS '10: Proceedings of the 17th ACM conference on Computer and communications security

In this work we present a characterization of spam on Twitter. We find that 8% of 25 million URLs posted to the site point to phishing, malware, and scams listed on popular blacklists. We analyze the accounts that send spam and find evidence that it ...
Rise of spam and compromised accounts in online social networks

Ever increasing fame and obsession for social networks has also coxswained a dramatic increase in the presence of malicious activities. As a result, various researchers have proposed different features and techniques to detect and reduce this menace. ...
Twitter: who gets caught? observed trends in social micro-blogging spam
WebSci '14: Proceedings of the 2014 ACM conference on Web science

Spam in Online Social Networks (OSNs) is a systemic problem that imposes a threat to these services in terms of undermining their value to advertisers and potential investors, as well as negatively affecting users' engagement. In this work, we present a ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

IMC '11: Proceedings of the 2011 ACM SIGCOMM conference on Internet measurement conference

November 2011

612 pages

ISBN:9781450310130

DOI:10.1145/2068816

Program Chairs:
Patrick Thiran
EPFL, Switzerland
,
Walter Willinger
AT&T Labs-Research, USA

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

USENIX Assoc: USENIX Assoc

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 02 November 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

IMC '11

Sponsor:

IMC '11: Internet Measurement Conference

November 2 - 4, 2011

Berlin, Germany

Acceptance Rates

Overall Acceptance Rate 277 of 1,083 submissions, 26%

Upcoming Conference

IMC '24

Sponsor:
sigcomm
sigcomm

ACM Internet Measurement Conference

November 4 - 6, 2024

Madrid , AA , Spain

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

288
Total Citations
View Citations
1,732
Total Downloads

Downloads (Last 12 months)52
Downloads (Last 6 weeks)8

Reflects downloads up to 27 Jul 2024

Other Metrics

View Author Metrics

Citations

Cited By

Aniket Agravat Umang Makwana Sahil Mehta Devashish Mondal Sushant Gawade (2024)Fake Social Media Profile Detection and Reporting Using Machine LearningInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-16695(465-470)Online publication date: 30-Mar-2024
https://doi.org/10.48175/IJARSCT-16695
NAKANO HCHIBA DKOIDE TFUKUSHI NYAGI THARIU TYOSHIOKA KMATSUMOTO T(2024)Understanding Characteristics of Phishing Reports from Experts and Non-Experts on TwitterIEICE Transactions on Information and Systems10.1587/transinf.2023EDP7221E107.D:7(807-824)Online publication date: 1-Jul-2024
https://doi.org/10.1587/transinf.2023EDP7221
Gao ZThebault-Spieker J(2024)Investigating Influential Users' Responses to Permanent Suspension on Social MediaProceedings of the ACM on Human-Computer Interaction10.1145/36373568:CSCW1(1-41)Online publication date: 26-Apr-2024
https://dl.acm.org/doi/10.1145/3637356
Tsuchiya TCuevas AChristin NChua TNgo CKa-Wei Lee RKumar RLauw H(2024)Identifying Risky Vendors in Cryptocurrency P2P MarketplacesProceedings of the ACM on Web Conference 202410.1145/3589334.3645475(99-110)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589334.3645475
Nakano HChiba DKoide TFukushi NYagi THariu TYoshioka KMatsumoto T(2023)Canary in Twitter Mine: Collecting Phishing Reports from Experts and Non-expertsProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3600163(1-12)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3600163
Breuer AKhosravani NTingley MCottel BSingh ASun YAkoglu LGunopulos DYan XKumar ROzcan FYe J(2023)Preemptive Detection of Fake Accounts on Social Networks via Multi-Class Preferential Attachment ClassifiersProceedings of the 29th ACM SIGKDD Conference on Knowledge Discovery and Data Mining10.1145/3580305.3599471(105-116)Online publication date: 6-Aug-2023
https://dl.acm.org/doi/10.1145/3580305.3599471
Han CSeering JKumar DHancock JDurumeric Z(2023)Hate Raids on Twitch: Echoes of the Past, New Modalities, and Implications for Platform GovernanceProceedings of the ACM on Human-Computer Interaction10.1145/35796097:CSCW1(1-28)Online publication date: 16-Apr-2023
https://dl.acm.org/doi/10.1145/3579609
Hong GWu MChen PLiao XYe GYang MMeng WJensen CCremers CKirda E(2023)Understanding and Detecting Abused Image Hosting Modules as Malicious ServicesProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623143(3213-3227)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623143
Tsuchiya TCuevas AMagelinski TChristin N(2023)Misbehavior and Account Suspension in an Online Financial Communication PlatformProceedings of the ACM Web Conference 202310.1145/3543507.3583385(2686-2697)Online publication date: 30-Apr-2023
https://dl.acm.org/doi/10.1145/3543507.3583385
Deng LWu CLian DWu YChen E(2023)Markov-Driven Graph Convolutional Networks for Social Spammer DetectionIEEE Transactions on Knowledge and Data Engineering10.1109/TKDE.2022.315066935:12(12310-12322)Online publication date: 1-Dec-2023
https://doi.org/10.1109/TKDE.2022.3150669
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents