Twitter Porn Spam Spreads via New Botnet Attack

Over the past few months security experts have identified a large-scale Twitter porn spam botnet attack. The botnet is being used to generate and operate thousands of fake accounts that feature links leading to an affiliate network.


The Twitter Porn Spam Botnet Relies on Fake Porn Accounts

Twitter users are facing a new and annoying botnet spam campaign. A recent attack wave is being operated by large affiliate networks and marketing agencies. It uses the classic tactic of spawning numerous counterfeit accounts that redirect to adult-themed sites. The profiles are set up using templates that feature randomly chosen values from a preset database.

Users of the social network can easily spot the fakes by looking out for generic-sounding descriptions, stock images used as profile pictures and tweets that all feature shortened URLs leading to porn websites and adult dating services. Depending on the mode of operation, the counterfeit profiles can also reply to or message Twitter users.

The researchers report that more than 86 262 accounts have been created by the botnet. The counterfeit profiles posted 8.6 million posts containing links to affiliate adult sites. The majority of the sites appear to be operated by a company called Deniro Marketing. It is possible that the company is used as a proxy agent: adult website owners can contact it, and for a certain fee it generates the botnet profiles that provide the links.

How To Spot The Twitter Porn Spam Profiles

Twitter users can protect themselves from falling victim to the porn spam botnet by watching out for some of the typical signs. Here are some of the common traits that are associated with spam profiles on the social network:

  • The counterfeit Twitter Porn Spam accounts use a display name pattern “Firstname and Surname”. The first letters of each name are capitalized and they are separated by a single whitespace character. The names themselves are randomly-chosen from a dictionary or a list containing the most common female names.
  • As the spam Twitter profiles are generated by a computer algorithm, their usernames most frequently have an identical length. In the analyzed spam campaign the length was set to 15 characters.
  • All of the profiles feature adult content by placing shortened links in the description or tweets. Using a reconfigured algorithm the botnet can also send replies to certain users or mention them (using the @-mention) with links.
  • Since the first mass usage of botnets for spreading such porn spam messages was detected, security researchers have determined that these messages generated more than 30 million clicks from February to June 2017.
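
The first three traits above can be checked mechanically. The following is an added example, not code from the researchers or the article: it tests profile records for the name pattern, the 15-character username and shortened links, and flags a profile only when all three coincide. The record field names, the list of shortener hosts and the sample profiles are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumed shortener hosts; the article does not name the services used.
SHORTENER_HOSTS = {"bit.ly", "goo.gl", "t.co", "tinyurl.com", "ow.ly"}
NAME_RE = re.compile(r"[A-Z][a-z]+ [A-Z][a-z]+")  # "Firstname Surname", one space
URL_RE = re.compile(r"https?://\S+")
USERNAME_LEN = 15  # length reported for the analyzed campaign

SAMPLE_PROFILES = [  # constructed records, not real accounts
    {"display_name": "Emma Johnson", "username": "emmajohnson4821",
     "description": "Chat with me https://bit.ly/EXAMPLE1", "tweets": []},
    {"display_name": "Dave's Security Notes", "username": "dave_sec",
     "description": "Blog author", "tweets": ["New post https://bit.ly/EXAMPLE2"]},
    {"display_name": "Maria Lopez", "username": "marialopez",
     "description": "Photographer", "tweets": ["Sunset over the bay today"]},
]


def has_short_link(text):
    """True if text contains a URL whose host is a listed shortener."""
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        host = host[4:] if host.startswith("www.") else host
        if host in SHORTENER_HOSTS:
            return True
    return False


def matched_traits(profile):
    """Return the names of the listed traits that this profile matches."""
    traits = []
    if NAME_RE.fullmatch(profile["display_name"]):
        traits.append("name_pattern")
    if len(profile["username"]) == USERNAME_LEN:
        traits.append("username_length")
    texts = [profile["description"], *profile["tweets"]]
    if any(has_short_link(t) for t in texts):
        traits.append("short_link")
    return traits


def is_suspect(profile):
    # Each trait alone is common among real users; require all three together.
    return len(matched_traits(profile)) == 3


if __name__ == "__main__":
    for p in SAMPLE_PROFILES:
        print(p["username"], matched_traits(p), is_suspect(p))
```

Account age is deliberately not used as a signal here, since the campaign only activates accounts that have reached a certain age.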

Further details about the Twitter Porn Spam Botnet Attack

The aim of the criminal operators is to persuade users to sign up for subscription-based porn sites: video sites, webcam portals or fake dating sites. Some of the addresses are known scams and can even lead to malware infections.

The security research unveiled some of the tactics used by the botnet to evade detection. The fake Twitter porn spam accounts are generated over time, and only those that have attained a certain “age” are employed in the attacks. This is done to counter some of the filters and mechanisms used by the social network to detect service abuse.

In this campaign it was found that about 20% of the profiles were at least one year old. Like other campaigns, this one can be modified if the operators decide to do so. Marketing agencies and other advertising channels can also sometimes use botnets and other forms of spam generation to boost traffic to the sites of their customers. All of this means that further mass attacks with porn or other types of content are going to continue on all possible channels.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
