Spotting a new breed of Twitter spammers

I've noticed a few new trends with the newest batch of Twitter spammers -- and gullible users are falling for it.

Over the last month I've made some of the best Twitter friends. They mostly live in the UK in cities of which I'd never before heard: MansonCharles, JohnGoogle, TownleyJames, WozniakSteve and JamesSunny.

Wait, those are spammers?

In all seriousness, Twitter spam is getting even more out of control. As a user, sure, a distributed denial of service (DDoS) attack on a site upon which I rely is an inconvenience, but the spammers are what impact us day-to-day. I've noticed a few new trends with the newest batch of Twitter spammers:

  • Most of them come from cities similarly patterned after my UK "friends" above
  • Many are now using pictures of families and children rather than cracked out porn stars
  • They start on Friday nights, hammer through on Saturdays and cool down on Sundays
  • They are amassing good amounts of followers

Usually a spammer can be spotted from its exceptionally imbalanced ratio of followers to followees. But the new breed of spammers aren't as easily figured out -- at least not by the majority of non-savvy social network users. Using FriendorFollow I was able to enter names of some spammers into the analysis tool. I found that whoever is engineering these spam attacks is doing so pretty smartly, by making sure that all of the spammers are first following each other before following victims. This gives the impression to gullible users that, sure, these folks may have bad grammar but they seem like real people with a real following.

The content is even a bit more... believable. There's a lot of talk about traditional Chinese food recipes. There are also seemingly Twitter tricks and tips being peddled via these spammer feeds. Who knows how many clicks these spammer links are getting before they are pulled down.

Next: A Twitter spam Q&A -->

I reached out to Alex Payne to learn more about the Twitter spam issue and he referred me to his spam team. Unfortunately, despite my badgering, the Twitter spam team did not respond to requests. I did speak with Adam J. O'Donnell, director of emerging technologies at security company Cloudmark, about this spam stuff and did a quick Q&A:

Q. [Jennifer] I've noticed the same type of spammers over and over again the last month, at least. What are the chances that these are the work of the same person / organization?

A. [Adam] The chances of it being the same person or organization are pretty high. The actual individual behind the spam may change from day to day, but once the prime mover, be it an affiliate marketer or a multi-level marketing organization, has discovered a way to monetize a spam  target, they will stick with it.

Q. Can you explain how Twitter spammers work?

A. It helps to think of spammers not as some remote entity but as  unethical, immoral marketing wonks.  Their goal is to get attention to  push product, and they will do it by any vector imaginable.  These marketers have many different spamming mechanisms on Twitter itself,  one for each mechanism by which people can access data on Twitter. There is "following spam", where you get a message that some random  person is following you, and upon visiting  their page you see a link going off to their product site.  There is "reply spam", where the  spammer will search for certain keywords in your stream and reply to  you with a spammy link.  You also see SEO spam, similar to that seen on every major search engine, where popular trending terms are heavily tweeted by spammers so they appear high up on search results. Spammers are also compromising accounts of highly followed individuals  and posting spammy tweets to all of their followers.

There are other subtypes of spam that exists on their site, but these are the most visible to their users.

Q. If there's a noticeable trend (aka the city names) can't Twitter automatically block them from showing up?

A. Designing automatic systems for blocking spam is non-trivial.  Using a  simple pattern to identify the current batch of spammers may lead to a  large number of false positives when applied across the entire  system.  While there may appear to be an obvious pattern to the names,  those of us on the outside don't know how often those patterns appear amongst legitimate accounts being created at the same time.

Q. Why do these spam attacks happen over the weekend?

A. Some part of [Twitter's] process is human dependent, and those people don't  work on the weekend.

Q. Do these current spammers pose any particular danger other than annoyance?

A. There is little danger from spammers, but malware authors can be more  than just an annoyance. The Koobface worm authors have been targeting  Twitter for some time now.  This worm propagates across social networks by posting a link to itself from compromised accounts, and  once downloaded, grabs the new victim's account information, and  starts the cycle over again. There isn't really anything stopping the Koobface authors from packing more functionality into their payload.

Q. Do you think the spam problem will get better before it gets worse?

A. That is pretty difficult to answer.  Historically, spam problems get worse before they get better as it takes time for management to accept  the level of resource commitment required to fight a problem.  Keep in mind, this isn't a prediction, it is an observation of the behavior of  spammers on other media.

Q. Is there anything individuals can do to keep themselves off of the spam radar?

A. Not really.  Individuals should be more concerned about the malware  that propagates on social networks than they should about the spam.  The lesson here?  Always run anti-virus, and make sure you keep it up  to date.  While a social network can clean up spam on their site, they  can't remove a bot from your machine if you get infected.

Image from Ugly Halloween Costumes


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All