As social networking sites have risen in popularity, cyber-criminals started to exploit these sites to spread malware and to carry out scams. Previous work has extensively studied the use of fake accounts that attackers set up to distribute spam messages.
Dr Gianluca Stringhini and colleagues suggest such accounts typically exhibit highly anomalous behaviour, and hence, are relatively easy to detect. As a response, attackers have started to compromise and abuse legitimate accounts. Compromising legitimate accounts is very effective, as attackers can leverage the trust relationships that the account owners have established in the past. Moreover, compromised accounts are more difficult to clean up because a social network provider cannot simply delete the corresponding profiles.
This paper details a novel approach of detecting compromised accounts.