Twarfing: Malicious tweets. Costin G. Raiu (Kaspersky Lab), Morton Swimmer (Trend Micro). Virus Bulletin 2009 – September 24th, Geneva. June 10th, 2009 Event details (title, place)
Thanks to:
Overview
What is Twitter? [Diagram labels: App, Browser, Phone]
Related to:
Twitter internals
Twitter internals
Stats (June 2009)
But what is ON Twitter? * Paper available at http://is.gd/3xmPz
And what is inside a Tweet? Example tweets: "SifuMoraga: presenting together with @craiu at #vb2009 L: Geneva" and "schouw: RT @SifuMoraga: presenting together with @craiu at #vb2009 L: Geneva"
Long URLs, short URLs
Most popular URL shortening services Default URL shortener on Twitter since May 2009
Malware on Twitter: August 2008
Notable incidents
Notable incidents
Notable incidents
Notable incidents
Twitter and Google SB API
Twitter and Google SB API
Google SB API
A bit about ‘bit.ly’ / ‘j.mp’ (Source: http://bit.ly/pages/faq/)
A bit about ‘bit.ly’ / ‘j.mp’
Our Robot(s) – Krab Krawler
Kaspersky Robot
Krab Krawler: Architecture
New unique URLs per day
Malware we found so far
General stats
Most popular URL on Twitter during Aug, Sep ‘09
Our Robot(s) – Red Twarf
Whitetwarf
WhiteTwarf – the exploratorium [Architecture diagram. Component labels: Twitter; Tweets; Tweet processing; Text Sigs; URLs; URL processing; WT-Redirector; Shortener API; HTTP request; Redirectors and Shorteners; Domain reputations; RDF Converter; RDF Store; SPARQL Queries; Analysis; Attacks, Malicious users, etc.]
WhiteTwarf in detail
URL redirector processing
The next stage: RedTwarf
Detecting malicious activity [Graph diagram. Edge labels: posts, tw:hasURL, drs:hasFQDN, drs:rating. Node labels: mal, tweet/1234, http://mal.com/evil.exe, mal.com, malicious, tweet/5678, http://unk.com/what.exe]
Matching graphs [Graph diagram: the graph from the previous slide beside a query pattern with the same edge labels. Pattern variables: ?m, ?t1, ?u1, ?f, ?t2, ?u2; fixed rating value: malicious]
More complex attack. Example tweets: "@iceman: This link is cool http://cool.com/ice.html" and "@notniceman: RT: @iceman: This link is cool http://c00l.com/ice.exe" [Graph diagram. Edge labels: posts, hasURL, textSig. Node labels: iceman, tweet/1001, http://cool.com/ice.html, notniceman, tweet/1005, http://c00l.com/ice.exe, thislinkiscool]
Matching Graphs [Graph diagram: the graph from the previous slide beside a query pattern with the same edge labels. Pattern variables: ?u1, ?t1, ?s, ?u1, ?mu, ?t2, ?u2]
Conclusions. We would like to thank VB and the charming audience for your support with 140 characters and guess what, we just did it! #vb2009
Thank you! [email_address] ro twitter.com/craiu [email_address] twitter.com/sifumoraga


Editor's notes

  1. The first malware link, as far as we can determine, was posted to Twitter in August 2008. It was a link to a website that was trying to distribute a banking trojan through social engineering tricks.