Exploiting Social Networking Sites for Spam

Abstract. In this work we present our friend-in-the-middle attacks on SNSs and how they can be used to harvest
social data in an automated fashion. This social data can then be exploited for large-scale attacks such as
context-aware spam and social phishing. We prove the feasibility of our attack, using Facebook as an example,
and estimate the impact based upon a simulation on a regional network of Facebook. Alarmingly, all
major SNSs are vulnerable to our attack as they fail to secure the network layer appropriately.

Martin Mulazzani, Markus Huber, Edgar R. Weippl, Gerhard Kitzler, and Sigrun Goluch
@article{huber2011friend, 
  author = {Markus Huber and Martin Mulazzani and Gerhard Kitzler and Sigrun Goluch and Edgar Weippl}, 
  title = {Friend-in-the-Middle Attacks: Exploiting Social Networking Sites for Spam}, 
  journal ={IEEE Internet Computing}, 
  volume = {15}, 
  issn = {1089-7801}, 
  year = {2011}, 
  pages = {28-34}, 
  doi = {http://doi.ieeecomputersociety.org/10.1109/MIC.2011.24}, 
  publisher = {IEEE Computer Society}, 
  address = {Los Alamitos, CA, USA}, 
  url = {http://dl.dropbox.com/u/571550/preprints/FITM_InternetComputing_preprint.pdf}
}


Exploiting social networking sites for spam
Markus Huber, Martin Mulazzani, Edgar Weippl, Gerhard Kitzler, Sigrun Goluch
CCS '10 Proceedings of the 17th ACM conference on Computer and communications security, 2010