Understanding the behavior of malicious applications in social networks

Abstract

The World Wide Web has evolved from a collection of static HTML pages to an assortment of Web 2.0 applications. Online social networking in particular is becoming more popular by the day since the establishment of SixDegrees in 1997. Millions of people use social networking web sites daily, such as Facebook, My-Space, Orkut, and LinkedIn. A side-effect of this growth is that possible exploits can turn OSNs into platforms for malicious and illegal activities, like DDoS attacks, privacy violations, disk compromise, and malware propagation. In this article we show that social networking web sites have the ideal properties to become attack platforms. We introduce a new term, antisocial networks, that refers to distributed systems based on social networking web sites which can be exploited to carry out network attacks. An adversary can take control of a visitor's session by remotely manipulating their browsers through legitimate web control functionality such as image-loading HTML tags, JavaScript instructions, and Java applets.