Tuesday, January 05, 2010

Twiguard update week 2

In a follow up to last weeks post on how quickly established blacklist systems can respond to social networking threats I have rerun the same list of URLs through an updated Google Safe Browse install. Last week this list produced 1250 hits, this week it has produced 1741 hits. That is around a 39% increase in a week. This alone is not bad but if you think about how quickly a scammer of phisher can set up a new site and lure in victims even a few hours can make a big difference in curbing infections. I will rerun this test in a week and report the results, by then I should have enough data to start creating pretty charts!

Twiguard does more than just collect bad urls, it collects bad users as well. We have created a formula for evaluating a Twitter profile and their 20 most recent tweets and assigning them a score between 0 and 100. The closer to 100 the score is the more likely the profile is a spammer/malware/somebody you don’t want to talk to. We call this score the "follow score" or folscore in programs. Below is a screen shot of out database where we have tracked unique users for 8 hours. We ended up with 61255 users of which 5144 had a score of 75 or higher. Anything above 75 is our threshold for confidently marking a profile as dangerous. The average profile score is 9 with about 8% of all observed users falling into the over 75 range. We are constantly tweaking the algorithm when we find false positives or statistical outliers. At this time all the users that have been identified spreading banned users have a follow score of 90 or higher so I am feeling confident about the accuracy.

As an example my Twitter account is donicer and I have a score of 4 and I am almost positively sure I am not a spammer!

No comments: