
Twitter kills 90,000 fake accounts promising online sex

Microblogging site Twitter was recently alerted by a US-based digital security company to a massive botnet campaign promising online sex to its users. Since then, Twitter has removed nearly 90,000 such fake accounts.

Dubbed 'SIREN', the botnet campaign was discovered by ZeroFOX, a Baltimore-based security firm specializing in social-media threat detection. ZeroFOX noted, “As of 10 July, ZeroFOX disclosed all of the Twitter profiles and posts to the Twitter security team, who subsequently removed them. Twitter was prompt and efficient in their takedown, as the malicious botnet is in clear violation of their Terms of Service.”

About the Botnet

The SIREN botnet leverages a vast network of algorithmically generated Twitter accounts to distribute a payload URL that redirects to a variety of spam pornography websites. All of the nearly 90,000 accounts have a suggestive photo of a woman as a profile picture and a female name as the display name. The accounts either engage directly with a target by quoting one of their tweets or attract targets to the payload visible in their profile bio or pinned tweet.

The tweets themselves generally contained canned, sexually-explicit text, often in broken English, compelling the target to click, such as “you want to meet with me?” or “Push,don’t be shy” [sic]. 98.2% of bot tweets adhered to a predictable text pattern, consisting of:

1. A sexually explicit phrase (“First Phrase”)

2. An exclamation point

3. A phrase designed to socially engineer the user to click the URL (“Second Phrase”)

4. The shortened goo.gl URL
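
As an added illustration (not from ZeroFOX or this article), the four-part template above can be turned into a simple detection heuristic: parse each tweet into its parts and flag any "Second Phrase" that is reused verbatim across several accounts. The account names, placeholder first phrases, short-URL paths and the `min_accounts` threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Structure reported above: first phrase, "!", second phrase, goo.gl short URL.
PATTERN = re.compile(
    r"^\s*(?P<first>[^!]+?)\s*!\s*(?P<second>.+?)\s*"
    r"(?P<url>https?://goo\.gl/[A-Za-z0-9]+)\s*$",
    re.IGNORECASE | re.DOTALL,
)

def _norm(s):
    """Collapse whitespace and lowercase so trivially varied copies compare equal."""
    return re.sub(r"\s+", " ", s).strip().lower()

def parse_tweet(text):
    """Return (first, second, url) if text fits the four-part template, else None."""
    m = PATTERN.match(text)
    if not m:
        return None
    return _norm(m["first"]), _norm(m["second"]), m["url"]

def flag_accounts(tweets, min_accounts=3):
    """Map each canned second phrase to the accounts using it, keeping only
    phrases seen on at least min_accounts distinct accounts (assumed threshold)."""
    by_phrase = defaultdict(set)
    for account, text in tweets:
        parsed = parse_tweet(text)
        if parsed:
            by_phrase[parsed[1]].add(account)
    return {p: sorted(a) for p, a in by_phrase.items() if len(a) >= min_accounts}

# Constructed sample data: placeholder first phrases, made-up accounts and URLs.
SAMPLE = [
    ("acct_a", "placeholder phrase one! you want to meet with me? https://goo.gl/AbC123"),
    ("acct_b", "placeholder phrase two!  You want to meet with me?  http://goo.gl/xYz789"),
    ("acct_c", "placeholder phrase three! you want to meet with me? https://goo.gl/Qq11Zz"),
    ("acct_d", "placeholder phrase one! Push,don't be shy https://goo.gl/Lm45No"),
    ("user_1", "Great talk today! Slides are at https://example.com/slides"),
    ("user_2", "Reading list for the weekend https://goo.gl/Rd00Ks"),
]

if __name__ == "__main__":
    for phrase, accounts in flag_accounts(SAMPLE).items():
        print(f"{phrase!r} reused by {len(accounts)} accounts: {accounts}")
```

Matching the template alone is weak evidence, since ordinary tweets can share it; the signal here comes from the same canned phrase recurring across many distinct accounts.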

The post also ties together the SIREN botnet discovered by ZeroFOX Threat Research with a large email spam botnet recently disclosed by Brian Krebs in KrebsOnSecurity. Both the social spam botnet and the email spam botnet leverage similar tactics and drive victims to the same network of pornographic websites. “To our knowledge, the botnet is one of the largest malicious campaigns ever recorded on a social network.”

The botnet is named after the mythical Greek Sirens, who seduced wayward sailors with their singing and lured them to their doom.
