research-article

The socio-monetary incentives of online social network malware campaigns

Authors:

Ting-Kai Huang,

Harsha V. Madhyastha,

Michalis FaloutsosAuthors Info & Claims

COSN '14: Proceedings of the second ACM conference on Online social networks

Pages 259 - 270

https://doi.org/10.1145/2660460.2660478

Published: 01 October 2014 Publication History

Abstract

Online social networks (OSNs) offer a rich medium of malware propagation. Unlike other forms of malware, OSN malware campaigns direct users to malicious websites that hijack their accounts, posting malicious messages on their behalf with the intent of luring their friends to the malicious website, thus triggering word-of-mouth infections that cascade through the network compromising thousands of accounts. But how are OSN users lured to click on the malicious links? In this work, we monitor 3.5 million Facebook accounts and explore the role of pure monetary, social, and combined socio-monetary psychological incentives in OSN malware campaigns. Among other findings we see that the majority of the malware campaigns rely on pure social incentives. However, we also observe that malware campaigns using socio-monetary incentives infect more accounts and last longer than campaigns with pure monetary or social incentives. The latter suggests the efficiency of an epidemic tactic surprisingly similar to the mechanism used by biological pathogens to cope with diverse gene pools.

References

[1]

MyPageKeeper. https://apps.facebook.com/mypagekeeper/.

[2]

MW Adams, AH Ellingboe, and EC Rossman. Biological uniformity and disease epidemics. BioScience, pages 1067--1070, 1971.

[3]

AWS. Amazon Mechanical Turk. https://www.mturk.com/mturk/, 2013.

[4]

Kregg Aytes and Terry Connolly. Computer Security and Risky Computing Practices: A Rational Choice Perspective. Journal of Organizational and End User Computing, 16(3):22--40, 2004.

[5]

J. Balthrop. Technological Networks and the Spread of Computer Viruses. science, 304(5670):527--529, April 2004.

[6]

K. M. Chin and M. S. Wolfe. Selection on Erysiphe graminis in pure and mixed stands of barley. Plant Pathology, 33(4):535--546, December 1984.

[7]

Fred Cohen. Computer viruses: theory and experiments. Computers & security, 6(1):22--35, 1987.

Digital Library

[8]

Yves Deswarte, Karama Kanoun, and Jean-Claude Laprie. Diversity against accidental and deliberate faults. In Computer Security, Dependability, and Assurance, pages 171--171. IEEE Computer Society, 1998.

Digital Library

[9]

Inc. Facebook. Facebook reports first quarter 2013 results. March 2013.

[10]

R Ford and E H Spafford. Computer science: Happy birthday, dear viruses. Science, 317(5835):210--211, July 2007.

[11]

Stephanie Forrest and Catherine Beauchemin. Computer immunology. Immunological Reviews, 216(1):176--197, 2007.

[12]

Stephanie Forrest, Steven A Hofmeyr, and Anil Somayaji. Computer immunology. Communications of the ACM, 40(10):88--96, 1997.

Digital Library

[13]

a. Ganesh, L. Massoulié, and D. Towsley. The effect of network topology on the spread of epidemics. IEEE INFOCOM, 2(C):1455--1466, 2005.

[14]

Jianxi Gao, Sergey V Buldyrev, H Eugene Stanley, and Shlomo Havlin. Networks formed from interdependent networks. Nature Physics, 8(1):40--48, December 2011.

[15]

Jacob Goldenberg, Yuval Shavitt, Eran Shir, and Sorin Solomon. Distributive immunization of networks against viruses using the 'honey-pot' architecture. Nature Physics, 1(3):184--188, December 2005.

[16]

Josef Hadar and William R Russell. Rules for Ordering Uncertain Prospects. The American Economic Review, 59(1):25--34, January 1969.

[17]

James Heyman and Dan Ariely. Effort for payment a tale of two markets. Psychological Science, 15(11):787--793, 2004.

[18]

A E Howe, I Ray, M Roberts, M Urbanska, and Z Byrne. The Psychology of Security for the Home Computer User. In Security and Privacy (SP), 2012 IEEE Symposium on IS -, pages 209--223. IEEE, 2012.

Digital Library

[19]

Ting-Kai Huang, Md Sazzadur Rahman, Harsha Madhyastha, Michalis Faloutsos, and Bruno Ribeiro. An analysis of socware cascades in online social networks. In WWW, 2013.

Digital Library

[20]

Hyphenet. Facebook phishing scam costs victims thousands of dollars, http://goo.gl/4uVME4.

[21]

Bryan Klimt and Yiming Yang. Introducing the enron corpus. In First conference on email and anti-spam (CEAS), 2004.

[22]

Eytan Adar Lada Adamic, Thomas Lento and Pauline Ng. The evolution of memes on facebook, http://goo.gl/JysRpD.

[23]

E A Leicht and Raissa M D'Souza. Percolation on interacting networks. arXiv preprint arXiv:0907.0894, 2009.

[24]

V Levenshtein. Binary codes capable of correcting spurious insertions and deletions of ones. Problems of Information Transmission, 1(1):8--17, 1965.

[25]

Hsi-Peng Lu, Chin-Lung Hsu, and Hsiu-Ying Hsu. An empirical study of the effect of perceived risk upon intention to use online applications. Information Management & Computer Security, 13(2):106--120, 2005.

[26]

Robert McGill, John W. Tukey, and Wayne A. Larsen. Variations of box plots. The American Statistician, 32(1):12--16, 1978.

[27]

Cristopher Moore and Mark EJ Newman. Epidemics and percolation in small-world networks. Physical Review E, 61(5):5678, 2000.

[28]

C. C. Mundt. Use of multiline cultivars and cultivar mixtures for disease management. Annual Review of Phytopathology, 40(1):381--410, September 2002.

[29]

Andrew Newell, Daniel Obenshain, Thomas Tantillo, Cristina Nita-Rotaru, and Yair Amir. Increasing network resiliency by optimally assigning diverse variants to routing nodes. In IEEE/IFIP International Conference on Dependable Systems and Networks, pages 1--12. IEEE, June 2013.

Digital Library

[30]

M. Newman, Stephanie Forrest, and Justin Balthrop. Email networks and the spread of computer viruses. Physical Review E, 66(3):035101, September 2002.

[31]

Mark Newman. Networks: An Introduction. Oxford University Press, Inc., May 2010.

Digital Library

[32]

B. Aditya Prakash, Hanghang Tong, Nicholas Valler, Michalis Faloutsos, and Christos Faloutsos. Virus Propagation on Time-Varying Networks: Theory and Immunization Algorithms. In Machine Learning and Knowledge Discovery in Databases, volume 6323, pages 99--114. Springer Berlin Heidelberg, Berlin, Heidelberg, 2010.

Digital Library

[33]

Md Sazzadur Rahman, Ting-Kai Huang, Harsha V. Madhyastha, and Michalis Faloutsos. Efficient and scalable socware detection in online social networks. In USENIX Security, 2012.

Digital Library

[34]

Matthew Richardson, Rakesh Agrawal, and Pedro Domingos. Trust management for the semantic web. In The Semantic Web-ISWC 2003, pages 351--368. Springer, 2003.

Digital Library

[35]

Matt Russell. Facebook scam involves money transfers to the philippines, http://goo.gl/SMLDyh.

[36]

Eugene H. Spafford. Computer viruses as artificial life. Artificial Life, 1(3):249--265, 1994.

Digital Library

[37]

Charles Steinfield, Nicole B. Ellison, and Cliff Lampe. Social capital, self-esteem, and use of online social network sites: A longitudinal analysis. Journal of Applied Developmental Psychology, 29(6):434--445, November 2008.

[38]

Hanghang Tong, B. Aditya Prakash, Charalampos Tsourakakis, Tina Eliassi-Rad, Christos Faloutsos, and Duen Horng Chau. On the Vulnerability of Large Graphs. In ICDM, pages 1091--1096. IEEE, December 2010.

Digital Library

[39]

AJ Ullstrup. The impacts of the southern corn leaf blight epidemics of 1970--1971. Annual Review of Phytopathology, 10(1):37--50, 1972.

[40]

U.S. Census Bureau. Genealogy Data: Frequently Occurring Surnames from Census 2000. http://www.census.gov/genealogy/www/data/2000surnames/Top1000.xls, 2000.

[41]

Lorys M. M. A. Villaréal and Christian Lannou. Selection for Increased Spore Efficacy by Host Genetic Background in a Wheat Powdery Mildew Population. Phytopathology, 90(12):1300--1306, December 2000.

[42]

John Von Neumann and Arthur Walter Burks. Theory of self-reproducing automata. University of Illinois press Urbana, 1966.

Digital Library

[43]

Huijuan Wang, Qian Li, Gregorio D'Agostino, Shlomo Havlin, H. Eugene Stanley, and Piet Van Mieghem. Effect of the interconnected network structure on the epidemic threshold. Physical Review E, 88(2):022801, August 2013.

[44]

P. Wang, M. C. Gonzalez, C. A. Hidalgo, and A. L. Barabasi. Understanding the Spreading Patterns of Mobile Phone Viruses. Science, 324(5930):1071--1076, May 2009.

[45]

Ryan West. The psychology of security. Communications of the ACM, 51(4):34--40, April 2008.

Digital Library

[46]

X. M. Xu and M. S. Ridout. Stochastic simulation of the spread of race-specific and race-nonspecific aerial fungal pathogens in cultivar mixtures. Plant Pathology, 49(2):207--218, April 2000.

Cited By

Arzani BCiraci SSaroiu SWolman AStokes JOuthred GDiwu LBhagwan RPorter G(2020)PrivateEyeProceedings of the 17th Usenix Conference on Networked Systems Design and Implementation10.5555/3388242.3388300(797-816)Online publication date: 25-Feb-2020
https://dl.acm.org/doi/10.5555/3388242.3388300
Garcia DAbisheva ASchweitzer F(2017)Evaluative Patterns and Incentives in YouTubeSocial Informatics10.1007/978-3-319-67256-4_24(301-315)Online publication date: 2-Sep-2017
https://doi.org/10.1007/978-3-319-67256-4_24
Ribeiro BHoang MSingh AGangemi ALeonardi SPanconesi A(2015)Beyond ModelsProceedings of the 24th International Conference on World Wide Web10.1145/2736277.2741677(885-895)Online publication date: 18-May-2015
https://dl.acm.org/doi/10.1145/2736277.2741677
Show More Cited By

Index Terms

The socio-monetary incentives of online social network malware campaigns
1. Human-centered computing
  1. Human computer interaction (HCI)

Recommendations

Detecting social malware and its ecosystem in online social networks
Detecting and characterizing social spam campaigns
IMC '10: Proceedings of the 10th ACM SIGCOMM conference on Internet measurement

Online social networks (OSNs) are popular collaboration and communication tools for millions of users and their friends. Unfortunately, in the wrong hands, they are also effective tools for executing spam campaigns and spreading malware. Intuitively, a ...
Leveraging Social Network Analysis and Supervised Machine Learning to Study Coordination in Online Information Campaigns

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

COSN '14: Proceedings of the second ACM conference on Online social networks

October 2014

288 pages

ISBN:9781450331982

DOI:10.1145/2660460

General Chair:
Alessandra Sala
Bell Laboratories, Ireland
,
Program Chairs:
Ashish Goel
Stanford / Twitter, USA
,
Krishna Gummadi
MPI-SWS, Germany

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

ACM: Association for Computing Machinery

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 October 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Conference

COSN'14

Sponsor:

ACM

COSN'14: Conference on Online Social Networks

October 1 - 2, 2014

Dublin, Ireland

Acceptance Rates

COSN '14 Paper Acceptance Rate 25 of 87 submissions, 29%;

Overall Acceptance Rate 69 of 307 submissions, 22%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

5
Total Citations
View Citations
125
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)1

Reflects downloads up to 03 Oct 2024

Other Metrics

View Author Metrics

Citations

Cited By

Arzani BCiraci SSaroiu SWolman AStokes JOuthred GDiwu LBhagwan RPorter G(2020)PrivateEyeProceedings of the 17th Usenix Conference on Networked Systems Design and Implementation10.5555/3388242.3388300(797-816)Online publication date: 25-Feb-2020
https://dl.acm.org/doi/10.5555/3388242.3388300
Garcia DAbisheva ASchweitzer F(2017)Evaluative Patterns and Incentives in YouTubeSocial Informatics10.1007/978-3-319-67256-4_24(301-315)Online publication date: 2-Sep-2017
https://doi.org/10.1007/978-3-319-67256-4_24
Ribeiro BHoang MSingh AGangemi ALeonardi SPanconesi A(2015)Beyond ModelsProceedings of the 24th International Conference on World Wide Web10.1145/2736277.2741677(885-895)Online publication date: 18-May-2015
https://dl.acm.org/doi/10.1145/2736277.2741677
Scekic O(2015)Incentive Mechanisms for Social ComputingProceedings of the 2015 IEEE International Conference on Self-Adaptive and Self-Organizing Systems Workshops10.1109/SASOW.2015.32(162-167)Online publication date: 21-Sep-2015
https://dl.acm.org/doi/10.1109/SASOW.2015.32
Marinescu IKlein NChamberlain ASmart M(undefined)Incentives Can Reduce Bias in Online ReviewsSSRN Electronic Journal10.2139/ssrn.3092828
https://doi.org/10.2139/ssrn.3092828

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents