• United States



Microsoft Researchers Find Spammers by Graphing Social Networks

Jun 29, 20114 mins
CybercrimeData and Information SecurityEnterprise Applications

Microsoft researchers developed a social graph for online service security to differentiate spammer email accounts from legitimate users' accounts.

Do you believe in the theory that only good people have lots of social media friends, while “bad people” don’t have friends and don’t leave many traces of themselves online? According to recent Microsoft Research, a spammer email account can be identified by the lack of connectivity to other people.

Microsoft researchers Yinglian Xie and Fang Yu are tackling the problem of how to differentiate spammer email accounts from legitimate users’ accounts. According to the researchers, attacker accounts don’t have friends. Malicious-user accounts do not use instant messaging; nor do they send and receive mail. In fact, after analyzing normal social connections between users, the researchers discovered that finding spammers is easy since attackers do not follow normal patterns of communication.

The project was described as:

Large-scale online services such as email and instant messaging are popular targets for attackers, who sign up for new accounts and compromise legitimate user accounts in order to propagate spam emails, phishing links, or malware. To counter such attacks, this project focuses on exploring social connections among users that are difficult for attackers to mimic. The research explores a wide range of graph properties to differentiate legitimate human users from tens of millions of maliciously created accounts and hijacked accounts.

In an interview with told Microsoft Research, Xie said, “If we define connectivity as mutual email exchange, a normal user will talk to other people-send email and receive email. But attackers will mostly send malicious content. They do not receive messages back from legitimate users. Essentially, all the legitimate users are going to be connected in some way into communities. Attackers are more isolated users on the connectivity graph.”

Xie and Yu examined anonymized data and then developed a social graph for online service security as seen in the sampled user email-connectivity graph below. The dots represent assigned or inferred IP addresses which were mined from Microsoft’s Hotmail servers. “The well-connected dots represent communities of normal users, while the outlying, minimally connected dots could indicate malicious users.”

Xie also said with the use of cloud computing advances, they will have “more power to mine large-scale data.” In order to get the upper hand on spammers, the researchers do not only want to study malicious user accounts.

Yu said their research is “focused on analyzing normal users. Those properties are more stable and more robust. You can see their communities. The normal users don’t evolve rapidly, don’t change rapidly, but attackers’ could. Focusing on normal users help us to better distinguish normal users, rather than chasing the others.”

While I’d love to see all spam and phishing be burned with fire, and I’m all for spammer accounts crashing and burning, what about people who attempt to protect their privacy by not adding friends and therefore not using IM? It’s doubtful that would put a private person on the outside of the graph next to malicious users, simply because that person wouldn’t be sending out hundreds or thousands of emails like a spammer would. I also don’t think you would land on the outside of the graph even if you have dozens of email accounts that don’t interact with folks. I’m not so sure about email accounts that belong to beloved family members who are sweet but clueless, and pollute inboxes by forwarding hundreds of emails. It remains to be seen if more study along these lines will help Microsoft researchers identify and stop spam and phishing attacks.

Like this? Here’s more posts:

  • What happens if you catch a hacker and must deal with the FBI?
  • Microsoft patent may ruin Skype, may make VoIP spy and pry easy for gov’t
  • FBI Dumpster Diving Brigade Coming Soon to Snoop in a Trashcan Near You
  • ‘Secret Law’ of Patriot Act: Geolocation Tracking & Domestic Spying on Steroids?
  • Having private parts is not probable cause for TSA to grope or body scan you
  • FaceNiff Android App Allows the Clueless to Hack Facebook in Seconds Over Wi-Fi
  • Project PM Leaks Dirt on Romas/COIN Classified Intelligence Mass Surveillance
  • Former FBI Agent Turned ACLU Attorney: Feds Routinely Spy on Citizens
  • Microsoft’s automated Future Home, what can go wrong?
  • EFF: Microsoft abusing DMCA to eradicate competing Xbox 360 accessories

Follow me on Twitter @PrivacyFanatic

ms smith

Ms. Smith (not her real name) is a freelance writer and programmer with a special and somewhat personal interest in IT privacy and security issues. She focuses on the unique challenges of maintaining privacy and security, both for individuals and enterprises. She has worked as a journalist and has also penned many technical papers and guides covering various technologies. Smith is herself a self-described privacy and security freak.