{"title":"照片上是你吗?:自动检测感染黑洞漏洞工具包的Twitter账户","authors":"Joshua S. White, Jeanna Neefe Matthews","doi":"10.1109/MALWARE.2013.6703685","DOIUrl":null,"url":null,"abstract":"The Blackhole Exploit Kit (BEK) has been called the “Toyota Camry” of exploit kits - cheap, readily available and reliable. According to some estimates, it was used to enable the majority of malware infections in 2012. One major infection vector for BEK is through Twitter. In this paper, we analyze over two months of Twitter data from May through July of 2012 and identify user accounts affected by BEK. Based on reports that BEK infected tweets containing the string ”It's you on photo?” were being used to lure victims to BEK infected sites, we identified matching messages and analyzed the associated accounts. We then identified a wider range of message types associated with BEK infection and developed an automated mechanism for identifying infectious accounts - both accounts that were created specifically for malware distribution and legitimate accounts that began distributing malware after the owner's system was infected. Specifically, we find that BEK infectious accounts are characterized by tweets with an entropy lower than 4.5, tweets that are sent using the Mobile Web API and tweets containing an embedded URL. We present an automated method for isolating the point at which an account becomes infectious based on changes in the entropy of tweets from the account.","PeriodicalId":325281,"journal":{"name":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","volume":"16 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2013-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"It's you on photo?: Automatic detection of Twitter accounts infected with the Blackhole Exploit Kit\",\"authors\":\"Joshua S. White, Jeanna Neefe Matthews\",\"doi\":\"10.1109/MALWARE.2013.6703685\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Blackhole Exploit Kit (BEK) has been called the “Toyota Camry” of exploit kits - cheap, readily available and reliable. According to some estimates, it was used to enable the majority of malware infections in 2012. One major infection vector for BEK is through Twitter. In this paper, we analyze over two months of Twitter data from May through July of 2012 and identify user accounts affected by BEK. Based on reports that BEK infected tweets containing the string ”It's you on photo?” were being used to lure victims to BEK infected sites, we identified matching messages and analyzed the associated accounts. We then identified a wider range of message types associated with BEK infection and developed an automated mechanism for identifying infectious accounts - both accounts that were created specifically for malware distribution and legitimate accounts that began distributing malware after the owner's system was infected. Specifically, we find that BEK infectious accounts are characterized by tweets with an entropy lower than 4.5, tweets that are sent using the Mobile Web API and tweets containing an embedded URL. We present an automated method for isolating the point at which an account becomes infectious based on changes in the entropy of tweets from the account.\",\"PeriodicalId\":325281,\"journal\":{\"name\":\"2013 8th International Conference on Malicious and Unwanted Software: \\\"The Americas\\\" (MALWARE)\",\"volume\":\"16 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-10-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2013 8th International Conference on Malicious and Unwanted Software: \\\"The Americas\\\" (MALWARE)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/MALWARE.2013.6703685\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2013 8th International Conference on Malicious and Unwanted Software: \"The Americas\" (MALWARE)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/MALWARE.2013.6703685","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
It's you on photo?: Automatic detection of Twitter accounts infected with the Blackhole Exploit Kit
The Blackhole Exploit Kit (BEK) has been called the “Toyota Camry” of exploit kits - cheap, readily available and reliable. According to some estimates, it was used to enable the majority of malware infections in 2012. One major infection vector for BEK is through Twitter. In this paper, we analyze over two months of Twitter data from May through July of 2012 and identify user accounts affected by BEK. Based on reports that BEK infected tweets containing the string ”It's you on photo?” were being used to lure victims to BEK infected sites, we identified matching messages and analyzed the associated accounts. We then identified a wider range of message types associated with BEK infection and developed an automated mechanism for identifying infectious accounts - both accounts that were created specifically for malware distribution and legitimate accounts that began distributing malware after the owner's system was infected. Specifically, we find that BEK infectious accounts are characterized by tweets with an entropy lower than 4.5, tweets that are sent using the Mobile Web API and tweets containing an embedded URL. We present an automated method for isolating the point at which an account becomes infectious based on changes in the entropy of tweets from the account.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
