The socio-monetary incentives of online social network malware campaigns

Online social networks (OSNs) offer a rich medium of malware propagation. Unlike other forms of malware, OSN malware campaigns direct users to malicious websites that hijack their accounts, posting malicious messages on their behalf with the intent of luring their friends to the malicious website, thus triggering word-of-mouth infections that cascade through the network compromising thousands of accounts. But how are OSN users lured to click on the malicious links? In this work, we monitor 3.5 million Facebook accounts and explore the role of pure monetary, social, and combined socio-monetary psychological incentives in OSN malware campaigns. Among other findings we see that the majority of the malware campaigns rely on pure social incentives. However, we also observe that malware campaigns using socio-monetary incentives infect more accounts and last longer than campaigns with pure monetary or social incentives. The latter suggests the efficiency of an epidemic tactic surprisingly similar to the mechanism used by biological pathogens to cope with diverse gene pools.

[1]  Lada A. Adamic,et al.  Information Evolution in Social Networks , 2014, WSDM.

[2]  Cristina Nita-Rotaru,et al.  Increasing Network Resiliency by Optimally Assigning Diverse Variants to Routing Nodes , 2013, IEEE Transactions on Dependable and Secure Computing.

[3]  Michalis Faloutsos,et al.  An analysis of socware cascades in online social networks , 2013, WWW.

[4]  H. Stanley,et al.  Effect of the interconnected network structure on the epidemic threshold. , 2013, Physical review. E, Statistical, nonlinear, and soft matter physics.

[5]  Michalis Faloutsos,et al.  Efficient and Scalable Socware Detection in Online Social Networks , 2012, USENIX Security Symposium.

[6]  Zinta S. Byrne,et al.  The Psychology of Security for the Home Computer User , 2012, 2012 IEEE Symposium on Security and Privacy.

[7]  H. Stanley,et al.  Networks formed from interdependent networks , 2011, Nature Physics.

[8]  Christos Faloutsos,et al.  On the Vulnerability of Large Graphs , 2010, 2010 IEEE International Conference on Data Mining.

[9]  Michalis Faloutsos,et al.  Virus Propagation on Time-Varying Networks: Theory and Immunization Algorithms , 2010, ECML/PKDD.

[10]  Mark Newman,et al.  Networks: An Introduction , 2010 .

[11]  Azadeh Iranmehr,et al.  Trust Management for Semantic Web , 2009, 2009 Second International Conference on Computer and Electrical Engineering.

[12]  R. D’Souza,et al.  Percolation on interacting networks , 2009, 0907.0894.

[13]  Albert-László Barabási,et al.  Understanding the Spreading Patterns of Mobile Phone Viruses , 2009, Science.

[14]  N. Ellison,et al.  Social capital, self-esteem, and use of online social network sites: A longitudinal analysis , 2008 .

[15]  Eugene H. Spafford,et al.  Happy Birthday, Dear Viruses , 2007, Science.

[16]  Bruce Schneier,et al.  The psychology of security , 2007, CACM.

[17]  E. Spafford,et al.  Computer science. Happy birthday, dear viruses. , 2007, Science.

[18]  Jacob Goldenberg,et al.  Distributive immunization of networks against viruses using the ‘honey-pot’ architecture , 2005 .

[19]  Hsi‐Peng Lu,et al.  An empirical study of the effect of perceived risk upon intention to use online applications , 2005, Inf. Manag. Comput. Security.

[20]  Donald F. Towsley,et al.  The effect of network topology on the spread of epidemics , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[21]  Kregg Aytes,et al.  Computer Security and Risky Computing Practices: A Rational Choice Perspective , 2004, J. Organ. End User Comput..

[22]  Mark E. J. Newman,et al.  Technological Networks and the Spread of Computer Viruses , 2004, Science.

[23]  Yiming Yang,et al.  Introducing the Enron Corpus , 2004, CEAS.

[24]  Stephanie Forrest,et al.  Email networks and the spread of computer viruses. , 2002, Physical review. E, Statistical, nonlinear, and soft matter physics.

[25]  C. Mundt Use of multiline cultivars and cultivar mixtures for disease management. , 2002, Annual review of phytopathology.

[26]  C. Lannou,et al.  Selection for increased spore efficacy by host genetic background in a wheat powdery mildew population. , 2000, Phytopathology.

[27]  M. Ridout,et al.  Stochastic simulation of the spread of race‐specific and race‐nonspecific aerial fungal pathogens in cultivar mixtures , 2000 .

[28]  M. Newman,et al.  Epidemics and percolation in small-world networks. , 1999, Physical review. E, Statistical physics, plasmas, fluids, and related interdisciplinary topics.

[29]  Jean-Claude Laprie,et al.  Diversity against accidental and deliberate faults , 1998, Proceedings Computer Security, Dependability, and Assurance: From Needs to Solutions (Cat. No.98EX358).

[30]  Stephanie Forrest,et al.  Computer immunology , 1997, CACM.

[31]  Eugene H. Spafford,et al.  Computer Viruses as Artificial Life , 1994, Artificial Life.

[32]  Fred Cohen,et al.  Computer viruses—theory and experiments , 1990 .

[33]  M. Wolfe,et al.  Selection on Erysiphe graminis in pure and mixed stands of barley , 1984 .

[34]  J. Tukey,et al.  Variations of Box Plots , 1978 .

[35]  A. J. Ullstrup The Impacts of the Southern Corn Leaf Blight Epidemics of 1970-1971 , 1972 .

[36]  M. W. Adams,et al.  Biological Uniformity and Disease Epidemics , 1971 .

[37]  Josef Hadar,et al.  Rules for Ordering Uncertain Prospects , 1969 .

[38]  John von Neumann,et al.  Theory Of Self Reproducing Automata , 1967 .