Twitter spam test: we caught some spammers!
- TAGS:#BlockMonday, malware, security, social media malware, spam, spammer, spammers, Twitter
- IT TOPICS:Applications, Cloud Computing, Cybercrime & Hacking, Data Center, Desktop Apps, E-Business, Emerging Technology, Internet, Mobile, Mobile Apps, Networking, Security, Security Hardware & Software, Web Apps
By Richi Jennings. August 13, 2010.
You may remember a couple of weeks ago, I baited a trap for Twitter spammers. Let's see how that experiment turned out, in The Long View.
It's Friday again, so let's look back at the test I began two weeks ago. If you recall, I posted an article designed to expose spammers' Twitter posting bots. It pattern-matched a popular search term; my plan was to watch which robot Twitter accounts tweeted links to the article:
The bot software they use searches Google News for new posts with a particular set of keywords ... then misusing a service like Twitterfeed to tweet the headlines of the posts. ... The idea is to attract followers, either to fool them into clicking on the link in the fake user's profile, or on a link that they later send to their victims using Twitter a direct-message. The links might be malware come-ons or they might contain affiliate marketing tracking codes.
A variant of this scam has the spammers scraping Google News feeds and automatically posting them a blog, wrapping the text in advertising and force-fed affiliate cookies. Then their twitter bots auto-tweet links to the spammy blog post.
Did it work? Uhh, yeah. Big time.
I ended up identifying 247 spammy robot accounts, a list of which you'll find below. A good number of these accounts were ones I'd previously come across and already reported to @spam. So it doesn't seem like that reporting mechanism is terribly effective.
I also had a short and rather fractious dialog with Del Harvey, Twitter's Trust and Safety team honcho. Basically, the Twitter position is send a message to @spam or "file a ticket."
Well, we know that reporting them to @spam doesn't seem to work. I'll keep you posted on what comes of filing a trouble ticket.
It's the old, old story: free service emerges, free service gets popular, spammers move in and misuse it. At that point, the service can choose one of two paths:
- Either ignore the problem, arguing that because it's a free service, they can't afford to police it. This usually ends in tears as the legitimate users get fed up with wading through a cesspool and the service dwindles into irrelevance. Classic example: Yahoo! Groups.
- Or, tackle the problem, realizing that the very health of the service depends on containing spam at low levels. Example: any decent email provider.
At this point, the jury's still out as to which model Twitter has chosen. On the one hand, it has sound practices such as the limits imposed on accounts following more than 2,000 users. On the other, there seems to be a disappointing reluctance to tackle this 'background radiation' of robot spam. But I'd love to be proven wrong.
If you want to see the list of spammy accounts, scroll down below my ridiculous grinning face. Have a good weekend!
Â
Are you fed up with robot Twitter spammers? Leave a comment...
Â
 |
 | Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: TLV@richij.com. |
You can also read Richi's full profile and disclosure of his industry affiliations.
Here's the list of spammers. Beware that there are one or two account names that some may find offensive. I'm not perfect, so if I've erred and included your Twitter account in here, please send me a tweet from the account in question. (You can keep track of my mistakes by counting the gaps in the list.)
Free Insider Guide