Over the past few months security experts identified a large-scale Twitter Adult Content Spam botnet attack. The instance is being used to generate and operate thousands of fake accounts that feature links leading to an affiliate network.
The Twitter Adult Content Spam Botnet Relies on Fake Adult Site Accounts
Twitter users are facing a new annoying botnet spam campaign. A recent attack wave is being operated by large affiliate networks and marketing agencies. This is a classic tactic of spawning numerous counterfeit accounts that redirect to adult themed sites. The profiles are set up using templates that feature randomly-chosen values from a preset database.
Users of the social network can easily spot the fakes by looking out for generic sounding descriptions, stock images as profile pics and tweets that all feature shortened URL links that lead to Adilt websites and adult dating services. Depending on the mode of operation the counterfeit profiles can also reply or message the Twitter users.
The researchers report that more than 86 262 accounts have been created by the botnet. The counterfeit profiles posted 8.6 million posts containing links to affiliate adult sites. The majority of the sites appear to be operated by a company called Deniro Marketing. It is possible that it is used as a proxy agent – adult website owners can contact the company and for a certain fee they generate the botnet profiles that provide links in return for a payment.
How To Spot The Twitter Adult Content Spam Profiles
Twitter users can protect themselves from falling victim to the adult content spam botnet by watching out for some of the typical signs. Here are some of the common traits that are associated with spam profiles on the social network:
- The counterfeit Twitter Adult content Spam accounts use a display name pattern “Firstname and Surname”. The first letters of each name are capitalized and they are separated by a single whitespace character. The names themselves are randomly-chosen from a dictionary or a list containing the most common female names.
- As the spam Twitter profiles are generated using a computer algorithm they most frequently employ an identical characters-long username. The analyzed spam campaign in this instance was set to 15-characters.
- All of the profiles feature adult contents by placing shortened links in the description or tweets. Using a reconfigured algorithm the botnet can also send replies or mention (using the @-mention) certain users with links.
- Ever since the first mass usage of botnets for spreading such adult content spam messages was detected, the security researchers analyzed that they have generated more than 30 million clicks from February to June 2017.
Further details about the Twitter Adult Content Spam Botnet Attack
The aim of the criminal operators is to convince the users into signing up for subscription-based padult sites – video sites, webcam portals or fake dating sites. Some of the addresses are known scams and can even lead to malware infections.
The security research unveiled some of the tactics used by the botnet to evade detection. The fake Twitter adult content spam accounts are being generated over time, only those that have attained a certain “age” are employed in the attacks. This is used to counter some of the filters and mechanisms used by the social network to detect service abuse.
In this campaign it was found that about 20% of the profiles were at least one year old. Like other campaigns the attack campaign can be modified if the operators decided to do so. Marketing agencies and other advertising channels can also sometimes use botnets and other forms of spam generation to boost traffic to the sites of their customers. All of this means that further mass attacks with Adult content or other types of content are going to continue on all possible channels.
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: