skip to main content
research-article

Emotions Behind Drive-by Download Propagation on Twitter

Published:25 August 2020Publication History
Skip Abstract Section

Abstract

Twitter has emerged as one of the most popular platforms to get updates on entertainment and current events. However, due to its 280-character restriction and automatic shortening of URLs, it is continuously targeted by cybercriminals to carry out drive-by download attacks, where a user’s system is infected by merely visiting a Web page. Popular events that attract a large number of users are used by cybercriminals to infect and propagate malware by using popular hashtags and creating misleading tweets to lure users to malicious Web pages. A drive-by download attack is carried out by obfuscating a malicious URL in an enticing tweet and used as clickbait to lure users to a malicious Web page. In this article, we answer the following two questions: Why are certain malicious tweets retweeted more than others? Do emotions reflecting in a tweet drive virality? We gathered tweets from seven different sporting events over 3 years and identified those tweets that were used to carry to out a drive-by download attack. From the malicious (N = 105, 642) and benign (N = 169, 178) data sample identified, we built models to predict information flow size and survival. We define size as the number of retweets of an original tweet, and survival as the duration of the original tweet’s presence in the study window. We selected the zero-truncated negative binomial (ZTNB) regression method for our analysis based on the distribution exhibited by our dependent size measure and the comparison of results with other predictive models. We used the Cox regression technique to model the survival of information flows as it estimates proportional hazard rates for independent measures. Our results show that both social and content factors are statistically significant for the size and survival of information flows for both malicious and benign tweets. In the benign data sample, positive emotions and positive sentiment reflected in the tweet significantly predict size and survival. In contrast, for the malicious data sample, negative emotions, especially fear, are associated with both size and survival of information flows.

References

  1. Mansour Ahmadi, Ashkan Sami, Hossein Rahimi, and Babak Yadegari. 2013. Malware detection by behavioural sequential patterns. Comput. Fraud Secur. 2013, 8 (2013), 11--19.Google ScholarGoogle ScholarCross RefCross Ref
  2. Per Kragh Andersen and Richard David Gill. 1982. Cox’s regression model for counting processes: A large sample study. Ann. Stat. (1982), 1100--1120.Google ScholarGoogle Scholar
  3. Lars Backstrom, Jon Kleinberg, Lillian Lee, and Cristian Danescu-Niculescu-Mizil. 2013. Characterizing and curating conversation threads: Expansion, focus, volume, re-entry. In Proceedings of the 6th ACM International Conference on Web Search and Data Mining. ACM, 13--22.Google ScholarGoogle ScholarDigital LibraryDigital Library
  4. Jonah Berger and Katherine L. Milkman. 2012. What makes online content viral? J. Market. Res. 49, 2 (2012), 192--205.Google ScholarGoogle ScholarCross RefCross Ref
  5. Jonah Berger and Katherine L. Milkman. 2013. Emotion and virality: What makes online content go viral? GfK Market. Intell. Rev. 5, 1 (2013), 18--23.Google ScholarGoogle ScholarCross RefCross Ref
  6. Pete Burnap, Matthew L. Williams, Luke Sloan, Omer Rana, William Housley, Adam Edwards, Vincent Knight, Rob Procter, and Alex Voss. 2014. Tweeting the terror: Modelling the social media reaction to the Woolwich terrorist attack. Soc. Netw. Anal. Min. 4, 1 (2014), 206.Google ScholarGoogle ScholarCross RefCross Ref
  7. R. Steenson and C. Seifert. 2017. Capture-HPC. Retrieved from https://projects.honeynet.org/capture-hpc.Google ScholarGoogle Scholar
  8. Jian Cao, Qiang Li, Yuede Ji, Yukun He, and Dong Guo. 2016. Detection of forwarding-based malicious URLs in online social networks. Int. J. Parallel Program. 44, 1 (2016), 163--180.Google ScholarGoogle ScholarDigital LibraryDigital Library
  9. Yijin Chen, Yuming Mao, Supeng Leng, Yunkai Wei, and Yuchen Chiang. 2017. Malware propagation analysis in message-recallable online social networks. In Proceedings of the IEEE 17th International Conference on Communication Technology (ICCT’17). IEEE, 1366--1371.Google ScholarGoogle ScholarCross RefCross Ref
  10. Shin-Ming Cheng, Weng Chon Ao, Pin-Yu Chen, and Kwang-Cheng Chen. 2011. On modeling malware propagation in generalized social networks. IEEE Commun. Lett. 15, 1 (2011), 25--27.Google ScholarGoogle ScholarCross RefCross Ref
  11. Aditya Chetan, Brihi Joshi, Hridoy Sankar Dutta, and Tanmoy Chakraborty. 2019. CoReRank: Ranking to detect users involved in blackmarket-based collusive retweeting activities. In Proceedings of the 12th ACM International Conference on Web Search and Data Mining. ACM, 330--338.Google ScholarGoogle ScholarDigital LibraryDigital Library
  12. Hridoy Sankar Dutta, Aditya Chetan, Brihi Joshi, and Tanmoy Chakraborty. 2018. Retweet us, we will retweet you: Spotting collusive retweeters involved in blackmarket services. In Proceedings of the IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM’18). IEEE, 242--249.Google ScholarGoogle ScholarCross RefCross Ref
  13. Edgefluence. 2019. Like4Like—Get FREE real Instagram likes! Retrieved from https://like4like.com.Google ScholarGoogle Scholar
  14. Paul Ekman. 1992. An argument for basic emotions. Cogn. Emotion 6, 3–4 (1992), 169--200.Google ScholarGoogle ScholarCross RefCross Ref
  15. W. Fan and K. H. Yeung. 2011. Online social networks Paradise of computer viruses. Physica A: Stat. Mech. Appl. 390, 2 (2011), 189--197.Google ScholarGoogle ScholarCross RefCross Ref
  16. Chris Fleizach, Michael Liljenstam, Per Johansson, Geoffrey M. Voelker, and Andras Mehes. 2007. Can you infect me now?: Malware propagation in mobile phone networks. In Proceedings of the ACM Workshop on Recurring Malcode. ACM, 61--68.Google ScholarGoogle ScholarDigital LibraryDigital Library
  17. James H. Fowler and Nicholas A. Christakis. 2008. Dynamic spread of happiness in a large social network: Longitudinal analysis over 20 years in the Framingham Heart Study. Bmj 337 (2008), a2338.Google ScholarGoogle ScholarCross RefCross Ref
  18. Sheera Frenkel. 2017. Hackers hide cyber attacks in social media posts. N.Y. Times (May 2017). Retrieved from https://tinyurl.com/yy87rbgj.Google ScholarGoogle Scholar
  19. Ayalvadi Ganesh, Laurent Massoulié, and Don Towsley. 2005. The effect of network topology on the spread of epidemics. In Proceedings of the 24th Annual Joint Conference of the IEEE Computer and Communications Societies, Vol. 2. IEEE, 1455--1466.Google ScholarGoogle ScholarCross RefCross Ref
  20. Alexandra Gibbs. 2015. Super Bowl XLIX smashes twitter records. CNBC (Feb. 2015). Retrieved from https://www.cnbc.com/2015/02/02/super-bowl-xlix-and-social-media-most-tweeted-nfl-game-ever.html.Google ScholarGoogle Scholar
  21. Nelson Granados. 2016. Super bowl underperforms in TV audience and social media chatter. Forbes (Feb. 2016). Retrieved from https://www.forbes.com/sites/nelsongranados/2016/02/09/super-bowl-underperforms-in-tv-audience-and-social-media-chatter/#2a7611a02be3.Google ScholarGoogle Scholar
  22. Shashank Gupta and Brij Bhooshan Gupta. 2017. Cross-site scripting (XSS) attacks and defense mechanisms: Classification and state-of-the-art. Int. J. Syst. Assur. Eng. Manage. 8, 1 (2017), 512--530.Google ScholarGoogle ScholarCross RefCross Ref
  23. Shiferaw Gurmu. 1991. Tests for detecting overdispersion in the positive poisson regression model. J. Bus. Econ. Stat. 9, 2 (1991), 215--222.Google ScholarGoogle Scholar
  24. Elaine Hatfield, John T. Cacioppo, and Richard L. Rapson. 1993. Emotional contagion. Curr. Direct. Psychol. Sci. 2, 3 (1993), 96--100.Google ScholarGoogle ScholarCross RefCross Ref
  25. Joseph M. Hilbe. 2011. Negative Binomial Regression. Cambridge University Press.Google ScholarGoogle Scholar
  26. Xia Hu, Jiliang Tang, Huiji Gao, and Huan Liu. 2014. Social spammer detection with sentiment information. In Proceedings of the IEEE International Conference on Data Mining (ICDM’14). IEEE, 180--189.Google ScholarGoogle ScholarDigital LibraryDigital Library
  27. Laurent Itti and Pierre Baldi. 2009. Bayesian surprise attracts human attention. Vision Res. 49, 10 (2009), 1295--1306.Google ScholarGoogle ScholarCross RefCross Ref
  28. Amir Javed, Pete Burnap, and Omer Rana. 2018. Prediction of drive-by download attacks on Twitter. Info. Process. Manage. (2018).Google ScholarGoogle Scholar
  29. Apalak Khatua and Aparup Khatua. 2017. Cricket world cup 2015: Predicting user’s orientation through mix tweets on twitter platform. In Proceedings of the IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining. ACM, 948--951.Google ScholarGoogle ScholarDigital LibraryDigital Library
  30. Ivana Kottasova. [n.d.]. Twitter reveals the top tweeted events of 2016—Dec. 6, 2016. Retrieved from http://money.cnn.com/2016/12/06/technology/twitter-top-events-hashtags-2016/index.html.Google ScholarGoogle Scholar
  31. Adam D. I. Kramer, Jamie E. Guillory, and Jeffrey T. Hancock. 2014. Experimental evidence of massive-scale emotional contagion through social networks. Proc. Natl. Acad. Sci. U.S.A. 111, 24 (2014), 8788–8790.Google ScholarGoogle ScholarCross RefCross Ref
  32. Brian Krebs. 2016. Ddos on dyn impacts twitter, spotify, reddit. Krebs Security (Oct. 2016).Google ScholarGoogle Scholar
  33. Sam Laird. 2015. The top 15 sporting events that blew up Twitter in 2015. Retrieved from http://mashable.com/2015/12/07/2015-top-sports-events-twitter/##7TVsYNhLQSqN.Google ScholarGoogle Scholar
  34. Sangho Lee and Jong Kim. 2013. Warningbird: A near real-time detection system for suspicious urls in twitter stream. IEEE Trans. Depend. Secure Comput. 10, 3 (2013), 183--195.Google ScholarGoogle ScholarDigital LibraryDigital Library
  35. Bo Liu, Wanlei Zhou, Longxiang Gao, HaiBo Zhou, Tom H. Luan, and Sheng Wen. 2016. Malware propagations in wireless ad hoc networks. IEEE Trans. Depend. Secure Comput. 1 (2016), 1--1.Google ScholarGoogle Scholar
  36. Liu Liu, Olivier De Vel, Qing-Long Han, Jun Zhang, and Yang Xiang. 2018. Detecting and preventing cyber insider threats: A survey. IEEE Commun. Surveys Tutor. 20, 2 (2018), 1397--1417.Google ScholarGoogle ScholarCross RefCross Ref
  37. J. Scott Long. 1997. Regression models for categorical and limited dependent variables (Vol. 7). Adv. Quant. Techn. Soc. Sci. (1997), 219.Google ScholarGoogle Scholar
  38. D. Kevin McGrath and Minaxi Gupta. 2008. Behind phishing: An examination of phisher modi operandi. LEET 8 (2008), 4.Google ScholarGoogle Scholar
  39. Saif M. Mohammad and Peter D. Turney. 2013. Crowdsourcing a word–emotion association lexicon. Comput. Intell. 29, 3 (2013), 436--465.Google ScholarGoogle ScholarCross RefCross Ref
  40. Andreas Moser, Christopher Kruegel, and Engin Kirda. 2007. Exploring multiple execution paths for malware analysis. In Proceedings of the IEEE Symposium on Security and Privacy (SP’07). IEEE, 231--245.Google ScholarGoogle ScholarDigital LibraryDigital Library
  41. Smita Naval, Vijay Laxmi, Muttukrishnan Rajarajan, Manoj Singh Gaur, and Mauro Conti. 2015. Employing program semantics for malware detection. IEEE Trans. Info. Forensics Secur. 10, 12 (2015), 2591--2604.Google ScholarGoogle ScholarDigital LibraryDigital Library
  42. Danny Palmer. 2016. Is your Android phone being controlled by a rogue Twitter account? Botnet is first to receive commands via tweets | ZDNet. Retrieved from https://tinyurl.com/y4wbmyor.Google ScholarGoogle Scholar
  43. Romualdo Pastor-Satorras and Alessandro Vespignani. 2001. Epidemic spreading in scale-free networks. Phys. Rev. Lett. 86, 14 (2001), 3200.Google ScholarGoogle ScholarCross RefCross Ref
  44. Robert Plutchik. 2003. Emotions and Life: Perspectives from Psychology, Biology, and Evolution.American Psychological Association.Google ScholarGoogle Scholar
  45. PorcelainSky LLC. 2019. Get Twitter Followers, YouTube Views, Subscribers—YouLikeHits. Retrieved from https://www.youlikehits.com.Google ScholarGoogle Scholar
  46. Mohammad Puttaroo, Peter Komisarczuk, and Renato Cordeiro de Amorim. 2014. Challenges in developing Capture-HPC exclusion lists. In Proceedings of the 7th International Conference on Security of Information and Networks. ACM, 334.Google ScholarGoogle ScholarDigital LibraryDigital Library
  47. Clément René. 2019. Instagram Engagement Report 2019: The more hashtags, the less engagement. Retrieved from https://mention.com/blog/hashtags-engagement-instagram.Google ScholarGoogle Scholar
  48. M. G. Roberts and J. A. P. Heesterbeek. 2003. Mathematical Models in Epidemiology. EOLSS.Google ScholarGoogle Scholar
  49. Joshua Roesslein. [n.d.]. Tweepy. Retrieved from http://www.tweepy.org/.Google ScholarGoogle Scholar
  50. Charlotte Rogers. 2016. Euro 2016 most tweeted TV of the year. Retrieved from https://www.marketingweek.com/2016/12/14/euros-tweeted-tv-2016.Google ScholarGoogle Scholar
  51. SANS Institue. 2017. 2017 Threat Landscape Survey: Users on the Front Line. Retrieved from https://www.sans.org/reading-room/whitepapers/threats/2017-threat-landscape-survey-users-front-line-37910.Google ScholarGoogle Scholar
  52. Ameya Sanzgiri, Jacob Joyce, and Shambhu Upadhyaya. 2012. The early (tweet-ing) bird spreads the worm: An assessment of twitter for malware propagation. Procedia Comput. Sci. 10 (2012), 705--712.Google ScholarGoogle Scholar
  53. David Sayce. 2019. The Number of tweets per day in 2019. Retrieved from https://www.dsayce.com/social-media/tweets-day.Google ScholarGoogle Scholar
  54. Hua Shen, Fenglong Ma, Xianchao Zhang, Linlin Zong, Xinyue Liu, and Wenxin Liang. 2017. Discovering social spammers from multiple views. Neurocomputing 225 (2017), 49--57.Google ScholarGoogle ScholarDigital LibraryDigital Library
  55. smfrogers. 2019. Insights into the #WorldCup conversation on Twitter. Retrieved from https://blog.twitter.com/en_us/a/2014/insights-into-the-worldcup-conversation-on-twitter.html.Google ScholarGoogle Scholar
  56. Parinaz Sobhani, Saif Mohammad, and Svetlana Kiritchenko. 2016. Detecting stance in tweets and analyzing its interaction with sentiment. In Proceedings of the 5th Joint Conference on Lexical and Computational Semantics. 159--169.Google ScholarGoogle ScholarCross RefCross Ref
  57. Spotcal. 2019. Healthy TV audiences for final as 2015 Rugby World Cup hailed as “biggest and best” yet.Retrieved from https://www.sportcal.com/News/FeaturedNews/39963.Google ScholarGoogle Scholar
  58. CricketCountry Staff. 2015. ICC Cricket World Cup 2015: India-Pakistan a Twitter hit, 1.7 million tweets. Cricket Country. Retrieved from https://www.cricketcountry.com/criclife/icc-cricket-world-cup-2015-india-pakistan-a-twitter-hit-1-7-million-tweets-500296.Google ScholarGoogle Scholar
  59. Carlo Strapparava, Alessandro Valitutti, et al. 2004. Wordnet affect: An affective extension of wordnet. In Proceedings of the Language Resources and Evaluation Conference (LREC’04), Vol. 4. Citeseer, 1083--1086.Google ScholarGoogle Scholar
  60. Gianluca Stringhini, Christopher Kruegel, and Giovanni Vigna. 2010. Detecting spammers on social networks. In Proceedings of the 26th Annual Computer Security Applications Conference. ACM, 1--9.Google ScholarGoogle ScholarDigital LibraryDigital Library
  61. Xin Sun, Yan-Heng Liu, Bin Li, Jin Li, Jia-Wei Han, and Xue-Jie Liu. 2012. Mathematical model for spreading dynamics of social network worms. J. Stat. Mech.: Theory Exper. 2012, 04 (2012), P04009.Google ScholarGoogle ScholarCross RefCross Ref
  62. Kurt Thomas, Chris Grier, Dawn Song, and Vern Paxson. 2011. Suspended accounts in retrospect: An analysis of twitter spam. In Proceedings of the ACM SIGCOMM Conference on Internet Measurement. 243--258.Google ScholarGoogle ScholarDigital LibraryDigital Library
  63. Twitter. 2020. About unsafe links. Retrieved from https://help.twitter.com/en/safety-and-security/phishing-spam-and-malware-links.Google ScholarGoogle Scholar
  64. Soroush Vosoughi, Deb Roy, and Sinan Aral. 2018. The spread of true and false news online. Science 359, 6380 (2018), 1146--1151.Google ScholarGoogle Scholar
  65. Bo Wang, Arkaitz Zubiaga, Maria Liakata, and Rob Procter. 2015. Making the most of tweet-inherent features for social spam detection on Twitter. In Workshop on Making Sense of Microposts, Vol. 1395. 10–16.Google ScholarGoogle Scholar
  66. Tianbo Wang, Chunhe Xia, Zhong Li, Xiaochen Liu, and Yang Xiang. 2017. The spatial–temporal perspective: The study of the propagation of modern social worms. IEEE Trans. Info. Forensics Secur. 12, 11 (2017), 2558--2573.Google ScholarGoogle ScholarDigital LibraryDigital Library
  67. Xu Wang, Wei Ni, Kangfeng Zheng, Ren Ping Liu, and Xinxin Niu. 2016. Virus propagation modeling and convergence analysis in large-scale networks. IEEE Trans. Info. Forensics Secur. 11, 10 (2016), 2241--2254.Google ScholarGoogle ScholarDigital LibraryDigital Library
  68. Sheng Wen, Wei Zhou, Jun Zhang, Yang Xiang, Wanlei Zhou, Weijia Jia, and Cliff C. Zou. 2014. Modeling and analysis on the propagation dynamics of modern email malware. IEEE Trans. Depend. Secure Comput. 11, 4 (2014), 361--374.Google ScholarGoogle ScholarCross RefCross Ref
  69. Guanhua Yan, Guanling Chen, Stephan Eidenbenz, and Nan Li. 2011. Malware propagation in online social networks: Nature, dynamics, and defense implications. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. ACM, 196--206.Google ScholarGoogle ScholarDigital LibraryDigital Library
  70. Chao Yang, Robert Harkreader, and Guofei Gu. 2013. Empirical evaluation and new design for fighting evolving twitter spammers. IEEE Trans. Info. Forensics Secur. 8, 8 (2013), 1280--1293.Google ScholarGoogle ScholarDigital LibraryDigital Library
  71. Shui Yu, Guofei Gu, Ahmed Barnawi, Song Guo, and Ivan Stojmenovic. 2015. Malware propagation in large-scale networks. IEEE Trans. Knowl. Data Eng. 27, 1 (2015), 170--179.Google ScholarGoogle Scholar
  72. Cliff C. Zou, Weibo Gong, Don Towsley, and Lixin Gao. 2005. The monitoring and early detection of internet worms. IEEE/ACM Trans. Netw. 13, 5 (2005), 961--974.Google ScholarGoogle ScholarDigital LibraryDigital Library

Index Terms

  1. Emotions Behind Drive-by Download Propagation on Twitter

      Recommendations

      Comments

      Login options

      Check if you have access through your login credentials or your institution to get full access on this article.

      Sign in

      Full Access

      PDF Format

      View or Download as a PDF file.

      PDF

      eReader

      View online with eReader.

      eReader

      HTML Format

      View this article in HTML Format .

      View HTML Format
      About Cookies On This Site

      We use cookies to ensure that we give you the best experience on our website.

      Learn more

      Got it!