Twitter porn bots drew in over 30 million clicks
The botnet campaign featured nearly 90,000 accounts and 8.5 million tweets.
For the past few months ZeroFOX, a social media-focused digital security company, has been looking into a massive pornography botnet targeting Twitter. Dubbed SIREN, after the mythical Greek creatures said to lure sailors to their deaths with song, the botnet campaign reportedly included around 90,000 accounts that produced over 8.5 million tweets.
Each of the associated accounts had a pretty typical set up. Their profiles featured a photo of a woman and a female display name and tweets from these accounts nearly always included a sexually explicit phrase, followed by an exclamation point and an additional phrase meant to get targets to click the shortened URL at the end of the tweet. Once a user clicked on the link, they would be taken through a series of redirects before finally landing on a website that encouraged them to sign up for subscription pornography, webcam sites or fake dating webpages. SIREN accounts were able to attract over 30 million clicks.
ZeroFOX suggests that those behind the SIREN accounts were likely located in Eastern Europe due to many of the accounts' user languages being set to Russian and a chunk of the display names containing cyrillic letters. It also noted that the tweets' phrasing was often written in poor English. Some examples include "I want to fondle me?" and "Boys like you, my figure?" which sound a lot like the silly pickup lines produced by neural networks, but dirtier.
Last week, ZeroFOX reportedly submitted all of the SIREN Twitter profiles and URLs to Twitter, which then removed the accounts from the site and blacklisted the URL domains. "To our knowledge, the botnet is one of the largest malicious campaigns ever recorded on a social network," ZeroFOX said in a blog post. Twitter hasn't yet responded to a request for comment.
[Image: ZeroFOX]
