Long gone is the time when malware spread through infected floppy disk. Today, online social networks offer a fresh medium of propagation that is currently writing a new chapter in the evolution of computer malware. Using data collected from 3.5 million Facebook accounts I show how online social network malware exploits socio-monetary incentives to convince potential victims to visit webpages containing clickjacking attacks. Once infected, the victim is impersonated in the social network unknowingly exposing his or her friends to the same campaign through bogus posts, creating a word-of-mouth infection that cascades throughout the network. I then present evidence that socio-monetary incentives have a profound impact on the spread of malware on Facebook, showing how these observations challenge our current understanding of word-of-mouth diffusions on networks. Among other findings, we will see that campaigns with combined socio-monetary incentives infect more accounts and last longer than campaigns with pure monetary or social incentives. To finish I unveil a surprising new connection between computer security, human psychology, and biological pathogens.
This is a joint work with Ting-Kai Huang (Google), Harsha V. Madhyastha (UCR), and Michalis Faloutsos (UNM).