They easily bypass spam filters and can distribute any prohibited or confidential information.
From February to July 2017, ZeroFOX Threat Research studied a large-scale network of tweet-bots that distributed links to porn sites. They found almost 90 thousand dummy accounts that send links to fake sites, stealing from the victims thousands of dollars.
According to experts, this is one of the most large-scale networks of automatic spammers, ever fixed in social networks.
Specialists called a coordinated network of bots aimed at spreading pornography, “Sirens” (Siren). These are sea creatures from Greek mythology, which tempted sailors by singing and deceiving them to death. And although programmed bots can not cause the same harm as their namesake, such a large-scale network threatens the safety of users of social networks.
This botnet community, numbering 90,000 accounts, has already distributed more than eight million messages with spam. By clicking on the links more than 30 million times, which, according to researchers, indicates serious security holes.
All profiles, called exclusively female names (often Russian), userpic is a picture of the girl, and in the description – a hostile link to the URL of Google. Bots attract attention, responding with a link to a tweet of users, usually the last or fixed. In some cases, they write short messages, like “do you want me?” Or “click [on the link] do not be shy.”
If the victim clicks on a link disguised as a Google URL, it is transferred from the Twitter domain t.co to the goo.gl domain, which then forwards the user to a third-party site, and from there, his data again hits Google and Twitter. In this way, the bots bypass the service protection protocols from spam and lull the victim’s vigilance, which trustingly clicks on the familiar links.
The final transition leads people to a site offering to subscribe to porn content, webcam-model services or a dating service. These sites are usually created legally, but spread false information.
For example, if a person signs a subscription, specifying an e-mail or phone number, he will receive spam of different content. According to the FBI, some victims of bots lose up to 100 thousand dollars on front sites , and their personal data is illegally transferred to third parties.
Specialists ZeroFOX believe that the “sirens” are managed from Eastern Europe or Russia. Bot accounts often carry female names of Russian origin, and Russian is considered spammers as the second most popular language after English.
After the publication of the study, the management of Twitter deleted nearly 90 thousand dummy accounts and their messages, and Google added a dummy domain, cut through the search engine, into the black list. Nevertheless, it was not possible to completely clear Twitter from spam and pornography .
Other similar bot networks
In October 2016, the anonymous author contacted the American journalist Brian Krebs, dealing with cybersecurity. He shared with him a list of almost 100 different URLs , which displayed 1.2 million bots in text form.
While the journalist tried to understand who and why runs this unified system, the number of active bots in the system fell. By June 2017, their number was fixed somewhere in the range of 50-100 thousand. Krebs found out that bots invariably promote on the Internet two companies: CyberErotica and Deniro Marketing LLC (also known as AmateurMatch ).
According to TechCrunch, the site CyberErotica was founded in 1994 – it’s a porn site with a monthly subscription. In 2001, its owners were accused of having positioned the service as free, but in fact they took a monthly fee from the user’s card and complicated the process of unsubscribing.
The authors of the Deniro Marketing LLC day-service also found themselves at the center of scandals. In 2010, the company was accused of the fact that the site is full of false profiles of girls, behind which ordinary spammers are hiding. Then the case was settled without strict sanctions. Apparently, therefore, the company continued to use bots to promote the service.
It is noteworthy that spammers work on one system with a network of botnets on Twitter: they appear on sites with a young girl on the avatar and write short messages with sexual overtones. This is what ZeroFOX specialists paid attention to by contacting Krebs. Together they found out that almost all reports of the bot-community from Twitter lead to the Deniro Marketing website.
Thanks to the quick reaction of the Twitter and Google management, companies were able to clear services from almost 90,000 bots that caused large amounts of stealing from trusting users. However, Krebs believes that the attackers are not prevented from re-assembling the army of bots to advance their goals, as allegedly the company Deniro Marketing.
According to the journalist, such a huge network of spammers can be used not only for the sake of advertising porn sites, but for the dissemination of any information. In January 2017, a group of specialists recorded 350,000 bots on Twitter, who quoted books on the “Star Wars”.
The goals of the authors of this network are unknown, but their ability to manage so many false profiles on social networks is causing serious concerns among cybersecurity professionals. After all, if you can use bots for advertising, then you can and in political interests.