Full Cycle Analysis of a Large-scale Botnet Attack on Twitter
This work presents an in-depth forensic analysis of a large-scale spam
attack launched by one of the largest Twitter botnets reported in academic literature. The Bursty botnet contains over 500,000 bots, many of which
have not been suspended. The bots have generated over 2.8 million spam
tweets, with 2.2 million mentions directly targeting over 1.3 million distinct Twitter users. We reveal that the botnet used a network of URL
shortening services and redirections to obfuscate the real landing pages.
We show that users clicked on these URLs shortly after they were published and in large numbers. We even discovered the botmaster who was
behind the whole operation, including creation of the Bursty botnet and
registration of the several landing pages, which happen to be phishing
websites. Furthermore, we found that this botmaster is still active, selling
Twitter bot-related services. Our work reconstructs the complete course
of the spam attacks, from planning to execution. This work provides
in-depth analysis and insight into the operation of cybercriminals on Twitter, and the cyberspace infrastructure and black-markets that they rely
on. Finally, we address how the state-of-the-art bot classifiers are unable
to differentiate the Bursty bots from normal users, highlighting the need for and
importance of individual botnet analysis.