Abstract
In the past few years, there has been substantial growth in the number of users who employ social network services (SNS) to communicate and share information with their friends. Despite their many benefits, SNSs have drawbacks that perpetrators can misuse for destructive goals. Owing to the massive amount of personal data stored and exchanged on SNSs, and the ease of gaining access to the vast majority of that data through illegitimate methods such as social engineering techniques, these services are highly vulnerable to privacy intrusion threats. Moreover, the tremendous number of SNS users and the variety of communication features these services provide make SNSs a suitable target for virus authors, who employ them to infect users’ machines. This paper investigates the threats, vulnerabilities, and risks that endanger the privacy of SNS users. It also covers the techniques cybercriminals use to propagate malicious software (malware) and launch attacks against victims’ machines through these services. Finally, the paper presents a set of recommendations to eliminate or mitigate the privacy and malware risks of SNS.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mohtasebi, S., Dehghantanha, A. (2011). A Mitigation Approach to the Privacy and Malware Threats of Social Network Services. In: Snasel, V., Platos, J., El-Qawasmeh, E. (eds) Digital Information Processing and Communications. ICDIPC 2011. Communications in Computer and Information Science, vol 189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22410-2_39
DOI: https://doi.org/10.1007/978-3-642-22410-2_39
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22409-6
Online ISBN: 978-3-642-22410-2
eBook Packages: Computer Science, Computer Science (R0)