Online social networks (OSNs) are popular collaboration and
communication tools for millions of users and their friends.
Unfortunately, in the wrong hands, they are also effective tools for executing spam
campaigns and spreading malware. Intuitively, a user is more likely to respond
to a message from a Facebook friend than from a stranger, thus making
social spam a more effective distribution mechanism than traditional
email. In fact, existing evidence shows malicious entities are already
attempting to compromise OSN account credentials to support these
"high-return" spam campaigns.
In this project, we launch an initial study to quantify and
characterize spam campaigns launched using accounts on online social
networks. We study a large anonymized dataset of asynchronous "wall"
messages between Facebook users. We analyze all wall messages received by roughly
3.5 million Facebook users (more than 187 million messages in all),
and use a set of automated techniques to detect and characterize
coordinated spam campaigns. Our system detected roughly 200,000 malicious wall
posts with embedded URLs, originating from more than 57,000 user accounts.
We find that more than 70% of all malicious wall posts advertise phishing
sites. We also study the characteristics of malicious accounts, and see that more
than 97% are compromised accounts, rather than "fake" accounts
created solely for the purpose of spamming. Finally, we observe that, when adjusted
to the local time of the sender, spamming dominates actual wall post activity
in the early morning hours, when normal users are asleep.