skip to main content
10.1145/1866307.1866311acmconferencesArticle/Chapter ViewAbstractPublication PagesccsConference Proceedingsconference-collections
research-article

@spam: the underground on 140 characters or less

Published: 04 October 2010 Publication History

Abstract

In this work we present a characterization of spam on Twitter. We find that 8% of 25 million URLs posted to the site point to phishing, malware, and scams listed on popular blacklists. We analyze the accounts that send spam and find evidence that it originates from previously legitimate accounts that have been compromised and are now being puppeteered by spammers. Using clickthrough data, we analyze spammers' use of features unique to Twitter and the degree that they affect the success of spam. We find that Twitter is a highly successful platform for coercing users to visit spam pages, with a clickthrough rate of 0.13%, compared to much lower rates previously reported for email spam. We group spam URLs into campaigns and identify trends that uniquely distinguish phishing, malware, and spam, to gain an insight into the underlying techniques used to attract users.
Given the absence of spam filtering on Twitter, we examine whether the use of URL blacklists would help to significantly stem the spread of Twitter spam. Our results indicate that blacklists are too slow at identifying new threats, allowing more than 90% of visitors to view a page before it becomes blacklisted. We also find that even if blacklist delays were reduced, the use by spammers of URL shortening services for obfuscation negates the potential gains unless tools that use blacklists develop more sophisticated spam filtering.

References

[1]
}}D. Anderson, C. Fleizach, S. Savage, and G. Voelker. Spamscatter: Characterizing internet scam hosting infrastructure. In USENIX Security, 2007.
[2]
}}M. Cha, H. Haddadi, F. Benevenuto, and K. Gummadi. Measuring User Influence in Twitter: The Million Follower Fallacy. In Proceedings of the 4th International Conference on Weblogs and Social Media, 2010.
[3]
}}A. Chowdhury. State of Twitter spam. http://blog.twitter.com/2010/03/state-of-twitter-spam.html, March 2010.
[4]
}}F-Secure. Twitter now filtering malicious URLs. http://www.f-secure.com/weblog/archives/00001745.html, 2009.
[5]
}}R. Flores. The real face of Koobface. http://blog.trendmicro.com/the-real-face-of-koobface/, August 2009.
[6]
}}Google. Google safebrowsing API. http://code.google.com/apis/safebrowsing/, 2010.
[7]
}}D. Harvey. Trust and safety. http://blog.twitter.com/2010/03/trust-and-safety.html, March 2010.
[8]
}}D. Ionescu. Twitter Warns of New Phishing Scam. http://www.pcworld.com/article/174660/twitter_warns _of_new_phishing_scam.html, October 2009.
[9]
}}D. Irani, S. Webb, and C. Pu. Study of static classification of social spam profiles in MySpace. In Proceedings of the 4th International Conference on Weblogs and Social Media, 2010.
[10]
}}J. John, A. Moshchuk, S. Gribble, and A. Krishnamurthy. Studying spamming botnets using Botlab. In Usenix Symposium on Networked Systems Design and Implementation (NSDI), 2009.
[11]
}}C. Kanich, C. Kreibich, K. Levchenko, B. Enright, G. Voelker, V. Paxson, and S. Savage. Spamalytics: An empirical analysis of spam marketing conversion. In Proceedings of the 15th ACM Conference on Computer and Communications Security, pages 3--14. ACM, 2008.
[12]
}}H. Kwak, C. Lee, H. Park, and S. Moon. What is Twitter, a social network or a news media? In Proceedings of the International World Wide Web Conference, 2010.
[13]
}}K. Lee, J. Caverlee, and S. Webb. Uncovering social spammers: Social honeypots + machine learning. In Proceeding of the SIGIR conference on Research and Development in Information Retrieval, pages 435--442, 2010.
[14]
}}R. McMillan. Stolen Twitter accounts can fetch $1,000. http://www.computerworld.com/s/article/9150001/Stolen_ Twitter_accounts_can_fetch_1_000, 2010.
[15]
}}B. Meeder, J. Tam, P. G. Kelley, and L. F. Cranor. RT @IWantPrivacy: Widespread violation of privacy settings in the Twitter social network. In Web 2.0 Security and Privacy, 2010.
[16]
}}J. O'Dell. Twitter hits 2 billion tweets per month. http://mashable.com/2010/06/08/twitter-hits-2-billion- tweets-per-month/, June 2010.
[17]
}}A. Pitsillidis, K. Levchenko, C. Kreibich, C. Kanich, G. Voelker, V. Paxson, N. Weaver, and S. Savage. Botnet Judo: Fighting spam with itself. 2010.
[18]
}}Z. Qian, Z. Mao, Y. Xie, and F. Yu. On network-level clusters for spam detection. In Proceedings of the Network and Distributed System Security Symposium (NDSS), 2010.
[19]
}}M. Sahami, S. Dumais, D. Heckerman, and E. Horvitz. A Bayesian approach to filtering junk e-mail. In Learning for Text Categorization: Papers from the 1998 workshop. Madison, Wisconsin: AAAI Technical Report WS-98-05, 1998.
[20]
}}E. Schonfeld. When it comes to URL shoteners, bit.ly is now the biggest. http://techcrunch.com/2009/05/07/when-it- comes-to-url-shorteners-bitly-is-now-the-biggest/, May 2009.
[21]
}}K. Thomas and D. M. Nicol. The Koobface botnet and the rise of social malware. Technical report, University of Illinois at Urbana-Champaign, July 2010. https://www.ideals.illinois.edu/handle/2142/16598.
[22]
}}Twitter. The Twitter rules. http://help.twitter.com/forums/26257/entries/18311, 2009.
[23]
}}URIBL. URIBL.COM -- realtime URI blacklist. http://uribl.com/, 2010.
[24]
}}Y. Wang, M. Ma, Y. Niu, and H. Chen. Spam double-funnel: Connecting web spammers with advertisers. In Proceedings of the International World Wide Web Conference, pages 291--300, 2007.
[25]
}}J. Wein. Joewein.de LLC -- fighting spam and scams on the Internet. http://www.joewein.net/.
[26]
}}C. Wisniewski. Twitter hack demonstrates the power of weak passwords. http://www.sophos.com/blogs/chetw/g/2010/03/07/twitter- hack-demonstrates-power-weak-passwords/, March 2010.
[27]
}}Y. Xie, F. Yu, K. Achan, R. Panigrahy, G. Hulten, and I. Osipkov. Spamming botnets: Signatures and characteristics. Proceedings of ACM SIGCOMM, 2008.

Cited By

View all
  • (2024)Weakly Supervised Deep Embedding for Product Review Sentiment AnalysisInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJETIR-1221(111-114)Online publication date: 10-Jul-2024
  • (2024)Characterizing and Predicting Early Reviewers for Effective Product Marketing on E-Commerce WebsitesInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-18421(111-114)Online publication date: 24-May-2024
  • (2024)Authorship Attribution for English Short TextsEngineering, Technology & Applied Science Research10.48084/etasr.830214:5(16419-16426)Online publication date: 9-Oct-2024
  • Show More Cited By

Index Terms

  1. @spam: the underground on 140 characters or less

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Conferences
    CCS '10: Proceedings of the 17th ACM conference on Computer and communications security
    October 2010
    782 pages
    ISBN:9781450302456
    DOI:10.1145/1866307
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

    Sponsors

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 04 October 2010

    Permissions

    Request permissions for this article.

    Check for updates

    Author Tags

    1. spam
    2. twitter

    Qualifiers

    • Research-article

    Conference

    CCS '10
    Sponsor:

    Acceptance Rates

    CCS '10 Paper Acceptance Rate 55 of 325 submissions, 17%;
    Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

    Upcoming Conference

    CCS '25

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • Downloads (Last 12 months)62
    • Downloads (Last 6 weeks)6
    Reflects downloads up to 16 Feb 2025

    Other Metrics

    Citations

    Cited By

    View all
    • (2024)Weakly Supervised Deep Embedding for Product Review Sentiment AnalysisInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJETIR-1221(111-114)Online publication date: 10-Jul-2024
    • (2024)Characterizing and Predicting Early Reviewers for Effective Product Marketing on E-Commerce WebsitesInternational Journal of Advanced Research in Science, Communication and Technology10.48175/IJARSCT-18421(111-114)Online publication date: 24-May-2024
    • (2024)Authorship Attribution for English Short TextsEngineering, Technology & Applied Science Research10.48084/etasr.830214:5(16419-16426)Online publication date: 9-Oct-2024
    • (2024)Advancing Email Spam Classification using Machine Learning and Deep Learning TechniquesEngineering, Technology & Applied Science Research10.48084/etasr.763114:4(14994-15001)Online publication date: 2-Aug-2024
    • (2024)Scalable Learning Framework for Detecting New Types of Twitter Spam with Misuse and Anomaly DetectionSensors10.3390/s2407226324:7(2263)Online publication date: 2-Apr-2024
    • (2024)Detecting anomalies in graph networks on digital marketsPLOS ONE10.1371/journal.pone.031584919:12(e0315849)Online publication date: 23-Dec-2024
    • (2024)"It was jerks on the Internet being jerks on the Internet": Understanding Zoombombing Through the Eyes of Its VictimsProceedings of the 2024 European Symposium on Usable Security10.1145/3688459.3688466(261-276)Online publication date: 30-Sep-2024
    • (2024)Conning the Crypto Conman: End-to-End Analysis of Cryptocurrency-based Technical Support Scams2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00156(17-35)Online publication date: 19-May-2024
    • (2024)Twitter (X) Spam Detection Using Natural Language Processing by Encoder Decoder Model2024 1st International Conference on Sustainable Computing and Integrated Communication in Changing Landscape of AI (ICSCAI)10.1109/ICSCAI61790.2024.10866112(1-5)Online publication date: 4-Jul-2024
    • (2024)Understanding the human element in scams: a multidisciplinary approachJournal of Information Technology Case and Application Research10.1080/15228053.2024.2439192(1-16)Online publication date: 18-Dec-2024
    • Show More Cited By

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media