Social network service(SNS) is a new emerging Web application form. With the growth of SNS in application, the trust that plays the role of connecting people brings both good user experience and threats. Trust expansion is not only the means that SNS users construct their online social network with, but also exploited by the attackers to collect victims. Hence, it is desirable to detect the malicious trust expansion behaviors to prevent subsequent attacks. By analyzing the forming process of SNS complex network via a growth model (SNDM), it is discovered that the malicious users are quite possible to adopt some measures to avoid being exposed. This will bring in unavoidable difference in behavior features, so the difference is a weak point that can be exploited to identify the malicious users. In this paper the detailed analysis about the above issue is given, and a practical evaluation-based filter is designed to detect the attackers. Based on the filter a resilient trust control strategy is proposed to restrict and weaken the malicious users, and the normal users will not be bothered. The analysis and conclusions are positively supported by simulation or experiment in a real SNS scenario.