|Abstract:||As millions of users flock to online social networks, sites such as Facebook and Twitter are becoming increasingly attractive targets for spam, phishing, and malware. The Koobface botnet in particular has honed its efforts to ex- ploit social network users, leveraging zombies to gen- erate accounts, befriend victims, and to send malware propagation spam. In this paper, we explore Koobface’s zombie infrastructure and analyze one month of the bot- net’s activity within both Facebook and Twitter. Con- structing a zombie emulator, we are able to infiltrate the Koobface botnet to discover the identities of fraudulent and compromised social network accounts used to dis- tribute malicious links to over 213,000 social network users, generating over 157,000 clicks. Despite the use of domain blacklisting services by social network oper- ators to filter malicious links, current defenses recognize only 27% of threats and take on average 4 days to re- spond. During this period, 81% of vulnerable users click on Koobface spam, highlighting the ineffectiveness of blacklists.