Whether we like it or not, spam bots have become an integral part of our online life. Sometimes an attacker creates a network of these bots, a botnet, for malicious purposes. ZeroFOX, an online security research firm, has recently identified a botnet attack on Twitter, describing it as "one of the largest malicious campaigns ever recorded on a social network."
The botnet is called SIREN, aptly named after the Sirens of Greek mythology, who lured sailors into wrecking their ships with irresistible music. It includes almost 90,000 Twitter accounts that posted more than 8.5 million tweets and generated 30 million clicks in just a few weeks. Most of these tweets were created by accounts with similar characteristics: an intimate profile picture of a woman and a bio that includes a spam URL. Many of these accounts had prior activity and were created almost a year ago in order to bypass Twitter's spam detection system. Moreover, the bots used Google's URL shortener service, goo.gl, to mask their malicious URLs.
The accounts engaged with Twitter users by directly quoting their tweets while inserting a spam URL in the process. As expected of most scripted accounts of this nature, their tweets include sexually explicit phrases and irrelevant context.
After going through the destination URLs, ZeroFOX found that most of the links redirect to adult dating websites and other subscription-based porn services. According to the firm, two of the domains used by the botnet are associated with a company called Deniro Marketing. However, the company has yet to respond to the development.
Fortunately, Twitter has already taken action against the botnet, and most of the spam accounts have now been deleted. ZeroFOX has also reported the use of Google's URL shortener service in the attack to Google. As a result, the search giant has blocked the long URLs associated with the attack.
This is just another reminder for everyone to be careful online and on social media; as in real life, if it looks too good to be true, it probably is. You can head over to ZeroFOX's website to find a detailed analysis of its investigation.