Analysis of Spamming Threats and Some Possible Solutions for Online Social Networking Sites (OSNS)

Authors: Dilip Singh Sisodia, Shrish Verma

Abstract:

In this paper we present some spamming techniques, their behaviour, and possible solutions. We have analyzed how spammers enter online social networking sites (OSNSs) to target them, and the diverse techniques they use for this purpose. Spamming is a very common issue in the present era of the Internet, especially through online social networking sites (such as Facebook, Twitter, and Google+). Spam messages waste Internet bandwidth and server storage space. On social networking sites, spammers often disguise themselves by creating fake accounts and hijacking users' accounts for personal gain. They behave like normal users and continually change their spamming strategy. The following spamming techniques are discussed in this paper: clickjacking, socially engineered attacks, cross-site scripting, URL shortening, and drive-by download. We have used the Elgg framework to demonstrate some of the spamming threats and to implement the respective solutions.

Keywords: Internet, online social networking sites, drive-by-download, socially engineered attacks, spam attacks, clickjacking/likejacking, URL shortening, cross site scripting, elgg framework

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1100158

