What's this odd twitter spam about?

Submitted by brad on Sat, 2009-11-28 16:48
Topic: 
Media

Some recent searches have revealed unusual activity on twitter, and I wonder where it's going. Narcissus searches on twitter reveal a variety of accounts tweeting links into my blog and sites, for reasons not clearly apparent.

For example, a week ago, a half dozen identical twitter accounts all tweeted my post about electric cars playing music. All the accounts had pictures of models as their icon, and the exact same set of twitter posts, which seem to be a random collection of blog and news URLs with a bit.ly pointer to the item, all posted via twitterfeed. These accounts seem to follow and be followed by about 500, presumably the same list.

Here are some of the accounts:

Then more recently I see another set of accounts which all follow about 20 people but are followed by about 200 to 500. They are all posting "from API" and again are just posting links, this time with tinyurl.com. The account names are odd, too.

  • sheen0uz
  • http://twitter.com/moshelir3u
  • http://twitter.com/felecin9v

These also seem to to have cute girls as icons. However, strangely, the many followers appear to be real, or at least some of them appear to be. Why are people following a spam robot? Are the followers people who were paid to do it, or are in some twitter-optimization scheme?

What I am curious about is the motive. Are they linking to real sites in the hope of gaining some sort of legitimacy in twitter indexing engines, so that later they can start linking to people who pay for it? (Twitter SEO?) Are they trying to form twitter equivalents of link farms? Are they just hoping that site authors will see the backlinks and look at them for some later purpose? (You would be amazed how many hits on a web server are there just to put a spammer in the "Referer" field, either to get you to look, or to show up in referer logs that some sites post to the web.)

Thoughts on what's up?

Share on:
  • Reddit logo
  • Facebook logo
  • Twitter logo
  • LinkedIn logo

Comments

David Orban

Sun, 2009-11-29 13:05

Hi Brad,

the spam accounts get followed because people have set "automatically follow followers" in their accounts or client software. As far as the reason the spam accounts are being set up to spread malware... My friend Costin Raiu of Kaspersky created a tool to analyze the links in twitter spam (yes, the fake bot accounts that haven't tweeted yet are on the ready...).

David

brad

Sun, 2009-11-29 22:41

So this would suggest that they are following people (hoping for an auto-follow) and then immediately un-following. Which they could do but what value do they get from the un-following, I wonder?

So the supposition is that the accounts are constantly tweeting real links to appear useful and legitimate, and then they will throw you a malware link once you are hooked? Seems like it could work but is a lot of work for it. The links seem to be at random -- I found them as they linked to me but the links seem all over the place, they are not there because of some great appreciation for my pages.

I expect follow-any-who-follow-me will vanish over time if this keeps up.

Damian

Tue, 2009-12-01 16:12

4 steps to get rid of Twitter Spam
http://idaconcpts.com/2009/11/04/twitter/

brad

Tue, 2009-12-01 17:11

The page has nothing to do with the twitter streams I am talking about, but another kind of spam through twitter.

Damian

Tue, 2009-12-01 18:28

I thought it would be helpful to provide a guide on how to avoid most types of phishing attacks and Twitter spam. Yes, you're right the type of suspicious activity that you're referring to on your post is not cause by granting access to our Twitter accounts.

Anonymous

Fri, 2010-01-22 23:04

http://yiannopoulos.net/2009/12/we-are-social-honest/

Tigerdoom

Sun, 2010-01-31 07:24

Hi Brad, I seem to get a fair few of these also, many linking to pay to view adult sites or offering free iphones or something. I think the idea is to get as many followers to sign up and in return they are rewarded by the host?

Add new comment