Uncovering the wholesale industry of social media fraud: from botnet to bulk reseller panels

Thursday 4 October 14:00 - 14:30, Green room

Masarah Paquet-Clouston (GoSecure)

There is no doubt that there has been an increasing interest in understanding the industry of social media fraud (SMF), which is the process of creating fake 'likes' and 'follows' on online social networks (OSN), and its potential deceptive capabilities. This paper explores an undocumented segment of this industry: wholesaling, from botnet supply operations to bulk reselling.

To begin, the paper focuses on a previously unexplored aspect of Linux/Moose, an IoT botnet conducting SMF. Linux/Moose infects devices in order to use them as proxies to relay traffic to social networks. Its architecture includes a whitelist of IP addresses that can push traffic through those proxies, a feature reminiscent of a reseller model. We analyse the traffic fingerprints left by each IP address on the systems we infected and uncover the value of these whitelisted IPs, which is not what we had anticipated. Then, we collect information on bulk reseller panels, the direct working partners of the botnet operators. While analysing their striking similarities, we discover a new key actor in the industry: software panel sellers. We investigate the panels in an attempt to understand how they are connected to main SMF providers like Linux/Moose.

Finally, we map the SMF supply chain, discuss key actors that, if targeted, would disrupt the entire industry, and show the likely unequal revenue division in the chain. This is a first review study on the wholesale industry of SMF. It provides key insights for actors willing to curb this illicit activity, from law enforcement agencies to policy makers and cybersecurity professionals.



Masarah Paquet-Clouston

Masarah Paquet-Clouston is a security researcher at GoSecure, a Ph.D. student at Simon Fraser University in criminology, and one of Canada's decorated 150 scientific innovators. With her background in economics and criminology, she specializes in the study of markets behind illicit online activities. Her work has been published in several peer-reviewed journals, such as Social Networks, Global Crime and the International Journal for the Study of Drug Policy, and she has presented at various international conferences including WEIS, Black Hat Europe, Botconf and the American Society of Criminology.




Related links

   Download slides    Read paper

Other VB2018 papers

Windows Defender under the microscope: a reverse engineer's perspective

Alexei Bulazel (ForAllSecure)

The missing link in the chain? Android network analysis

Rowland Yu (Sophos)

Panel discussion: Will WHOIS go dark? Threat intelligence in the post GDPR era.

Michael Osterman (Osterman Research)
Norm Ritchie (Secure Domain Foundation)
Tom Bartel (Return Path Data Services)
Mark Kendrick (DomainTools)

Back to VB2018 Programme page

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.