12 March 2014
Date: Tue, 11 Mar 2014 17:58:10 -0700
From: PaulD <dietricp@efn.org>
To: cryptome@earthlink.net
Subject: Update on the botnet
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I am now in a position to say that this is a retweet scam.
See:
https://twitter.com/MarissaTanyat
Who also tweeted the following:
#GetInShape with my online #training
https://twitter.com/Obi_Obadike/status/443220721888546816
Snowden Haarp.... (which connects it to the same botnet)
https://twitter.com/MarissaTanyat/status/443534242820001792
So officially, they're only spammers, not spooks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
-----END PGP SIGNATURE-----
10 March 2014
Massive Twitter Botnet
@paulmd199 sends:
The NSA and GCHQ know where to find me already. I can't presently prove who's
behind this, but strongly suspect one of those two, particularly the latter.
The appendix contains some 35,000 fake twitter handles, belonging to the
same botnet. And what they've tweeted.
Should Twitter's press office actually respond, I'll send that on too.
__________
Massive twitter botnet
Some days ago, I noticed a few rather peculiar repeating tweets about Edward
Snowden, and decided to investigate.
I dont know much about Haarp but Edward Snowden is the one thats revealing
it to the world and to the newspapers so will become the
Oh, its the weekly kill Edward Snowden shout out from and !
What on earth? Surely such unusual phraseology wouldn't be repeated over and
over by different users. Well, it turns out that these little gems are only
one small part of a massive botnet, that tweets everything from utter nonsense,
to pseudo-ebonics (Son? Ure hungry Ma : Ok my sonmofe: Yh lol : Its
all black : Wasup with it? : mofe dis ur new avi), to things a reasonable
human might say. It will co-opt an already-viral tweet (a line from Dr Horrible's
Sing-along Blog), and will even steal a tweet from an unsuspecting user,
and spam it out all over creation. There was even one tweet that seems to
acknowledge the truth. Holy spammed users, Botman! The one thing
it seems not to do, is advertise anything at all, nor have any discernible
revenue model.
After a bit of study, I was able to trace the creation of the botnet back
to March first, and I decided to get some idea of the scale of the botnet,
I pulled 33 such spam tweets into a spreadsheet, and counted unique handles.
The number I got was in excess of 34 thousand, from only that small sample.
There are literally thousands of spam tweets from this botnet. The botnet
could easily involve hundreds of thousands, or millions of unique handles.
When you look at the individual accounts associated with the botnet, they
appear to be from a human user. Until you search the tweets therein, and
find that they've been spammed 700 times in under a week.
There seem to be different spam schedules. The slow one seems to be about 1
every 15 minutes or longer (even hourly or less frequently), the faster version
repeats up to several times a minute. Today, I noticed that the faster version
appears to have stopped, but the slower one continues.
I have contacted both Twitter support, and Twitter's press office; to date,
neither has responded.
I include as an appendix, the text files I created by copying and pasting
searches (these I processed, to allow them to be imported into a spreadsheet),
the spreadsheet, and a simple database, that I used to calculate just how
many unique handles were involved. I only needed the database because the
spreadsheet formula for calculating unique items becomes horribly slow when
dealing with numbers in the tens of thousands. I also will include my unrequited
email to the Press office.
Such botnets have no legitimate purpose, they serve only to poison search
results, to manipulate or deceive, or distract. Any way you look at it, it's
a scam. I strongly encourage further research to fully expose who is behind
this, and also call upon Twitter to shut it down.
http://cryptome.org/2014/03/TwitSpamNetwork.zip
(4.3MB)
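The unique-handle count and the fast and slow schedules described in the report above can be checked with a short script instead of a spreadsheet. This is an added example, not the author's files or tooling: the tab-separated layout, the handles, the three-account threshold and the 60-second fast/slow cut-off are assumptions, and the sample lines are constructed.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample; assumed layout: ISO timestamp <TAB> @handle <TAB> tweet text.
SAMPLE = "\n".join([
    "2014-03-08T12:00:05\t@Sample_Bot01\tOh, its the weekly kill Edward Snowden shout out from @x and @y !",
    "2014-03-08T12:00:25\t@sample_bot02\tOh, its the weekly kill Edward Snowden shout out from and !",
    "2014-03-08T12:00:40\t@sample_bot03\toh, its the weekly kill Edward Snowden shout out from and ! #tag",
    "2014-03-08T12:01:00\t@sample_bot01\tOh, its the weekly kill Edward Snowden shout out from and !",
    "2014-03-08T12:00:00\t@sample_bot04\tHoly spammed users, Botman!",
    "2014-03-08T12:15:00\t@sample_bot02\tHoly spammed users, Botman!",
    "2014-03-08T12:31:00\t@sample_bot05\tHoly spammed users, Botman!",
    "2014-03-08T12:40:00\t@sample_user\tLunch was great today",
    "pasted line that did not survive cleanup",
])

def normalize(text):
    """Drop links, @mentions and #hashtags, then lowercase and collapse whitespace."""
    return " ".join(re.sub(r"https?://\S+|[@#]\w+", " ", text.lower()).split())

def parse(raw):
    """Yield (time, handle, normalized text); skip lines that do not fit the layout."""
    for line in raw.splitlines():
        parts = line.split("\t", 2)
        try:
            when = datetime.fromisoformat(parts[0])
            # Handles are case-insensitive, so fold case before counting.
            yield when, parts[1].lstrip("@").lower(), normalize(parts[2])
        except (ValueError, IndexError):
            continue

def analyze(raw, min_handles=3, fast_gap_s=60):
    """Group identical texts; report those posted by >= min_handles distinct accounts."""
    by_text = defaultdict(list)
    for when, handle, text in parse(raw):
        by_text[text].append((when, handle))
    report, flagged = {}, set()
    for text, posts in by_text.items():
        handles = {h for _, h in posts}
        if len(handles) < max(min_handles, 2):
            continue
        times = sorted(w for w, _ in posts)
        gap = statistics.median((b - a).total_seconds() for a, b in zip(times, times[1:]))
        report[text] = {"handles": len(handles), "posts": len(posts), "median_gap_s": gap,
                        "schedule": "fast" if gap < fast_gap_s else "slow"}
        flagged |= handles
    return report, len(flagged)
```

`analyze(SAMPLE)` returns the per-text report and the number of distinct flagged accounts; an account that posts more than one of the repeated texts is counted once in that total.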