ITsecurity

Twitter Bots: the scourge of the low-end spam bots

Posted by on February 3, 2015.

Though Twitter goes to great lengths to thwart fake bot accounts, spam bots are pervasive throughout the Twitter ecosystem. Whether it is "6,000+ real and verified twitter followers" (yeah, right!) for $5.00 over at Fiverr or a flat 6 month $49.99 subscription at Twitter Supremacy, bots come in all flavors. You can buy a set amount of fake followers, become an affiliate, subscribe to an anonymous automation service, or purchase some clever little bot tutorials down at the Evo marketplace (in the Darknet).

Last summer Twitter refuted that mischievous bots lurked behind 23 million accounts. According to Twitter’s SEC (Securities and Exchange Commission) filing, these fake bots (spam accounts) make up less than 5% of Twitter’s monthly active users.

Low-end Bots

Regardless of the percentage of fake bots claimed by Twitter, there is still a copious scourge of nettlesome low-end bots that slide under the radar.

"Buy Twitter Followers from us and get the quality followers" is one search term that demonstrates a cacophony of fake accounts. With names such as Agyeman Dobbison ([email protected]), Ricki Douglas (@virekotewene), Alfrieda Lysons (@LysonsAlfrieda), Hanno Sullivan (@bafatocewyq), Ieremiya Ramirez (@juvufycupuw), Eilif Waller (@sukajysugis), and Grzegorz Errol (@pihahamelyn), these accounts are easy to spot.


These bots each display the same header photo; run the same scripts; post the same graphics; and send links to myriad cloned verasocial.info subdomains.

Verasocial.info Domain Whois:

Organisation: DaffaCORP
Owner: Daffa Ahmad
Owner Address: Jl Mangga 1
Owner City: Palembang
Owner Postcode: 32425
Phone Number: +62.82377654758
Phone Type: mobile :Surabaya Komselindo STKB-C (AMPS)
Email: [email protected]
Owner Country : Indonesia
Website Location : United States
Email is associated with ~50 domains
Registrant Org DaffaCORP is associated with ~49 other domains
Dates Created on 2014-12-16 – Expires on 2015-12-16 – Updated on 2014-12-17
Current IP: 198.252.107.99

This domain is only 49 days old, but the endless slew of subdomains they utilize to get past Twitter spam filters is astounding!

I have a hash with these spam-bots

Since early 2009, I’ve had a hash with low-end Twitter bots. They are annoying. They offer zero value, tweet spam links, echo scripted-snippets (just to keep their profiles active), and blatantly break Twitter terms of service and rules.

Selling or purchasing account interactions (such as selling or purchasing followers, Retweets, favorites, etc.); Using or promoting third-party services or apps that claim to get you more followers (such as follower trains, sites promising “more followers fast” or any other site that offers to automatically add followers to your account); If you post duplicate content over multiple accounts or multiple duplicate updates on one account; If you send large numbers of duplicate @replies or mentions; If you repeatedly create false or misleading content; If you post misleading links (e.g. affiliate links, links to malware/click jacking pages, etc.) —Twitter Terms of Service

The Verasocial.info Campaign

The verasocial.info campaign is just one tiny drop in the Twitterverse bucket, but it will give you a rough idea of how they operate. 

The originating granddaddy domain may have been 100kfollowers.net (this domain is currently blacklisted on Twitter). When the bots indicate the granddaddy domain in their tweets it looks like this: www, 100kfollowers ,net (note the commas), and the domain is also promoted in cloned cover photos, as well as shared photos.
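The subdomain rotation and the comma-split domain described above are both things a defender can normalize before matching. The following is an added example, not code from the original post: the tweets are constructed, the `.example` domains are placeholders, the function names and thresholds are assumptions, and the last-two-labels rule stands in for a proper Public Suffix List lookup.

```python
import re
from collections import defaultdict

# "www, 100kfollowers ,net" style: commas (with stray spaces) used in place of dots.
OBFUSCATED_RE = re.compile(r"\bwww\s*,\s*([a-z0-9-]+)\s*,\s*([a-z]{2,})\b")
# Ordinary dotted hostname (heuristic; will also match things like file names).
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b")

def extract_hosts(text):
    """Return hostnames found in tweet text, with comma obfuscation undone."""
    text = OBFUSCATED_RE.sub(r"www.\1.\2", text.lower())
    return HOST_RE.findall(text)

def registrable(host):
    """Collapse a hostname to its last two labels (assumption: simple TLDs only)."""
    return ".".join(host.split(".")[-2:])

def subdomain_fanout(tweets, min_accounts=3, min_subdomains=3):
    """Flag base domains linked by many accounts through many distinct subdomains."""
    accounts, subdomains = defaultdict(set), defaultdict(set)
    for handle, text in tweets:
        for host in extract_hosts(text):
            base = registrable(host)
            accounts[base].add(handle)
            subdomains[base].add(host)
    return {
        base: (len(accounts[base]), len(subdomains[base]))
        for base in accounts
        if len(accounts[base]) >= min_accounts
        and len(subdomains[base]) >= min_subdomains
    }

# Constructed sample data: handles and .example hosts are placeholders.
SAMPLE_TWEETS = [
    ("@acct_a", "Get followers now http://k1.bulk-followers.example/join"),
    ("@acct_b", "Get followers now http://k2.bulk-followers.example/join"),
    ("@acct_c", "Get followers now http://k3.bulk-followers.example/join"),
    ("@acct_c", "visit www, 100kfollowers ,net today"),
    ("@weather", "Storm warning, details at http://alerts.weather-service.example/today"),
]

if __name__ == "__main__":
    for base, (n_acct, n_sub) in subdomain_fanout(SAMPLE_TWEETS).items():
        print(f"{base}: {n_acct} accounts, {n_sub} distinct subdomains")
```

Matching on the collapsed base domain is what defeats the rotation: a filter keyed on full hostnames sees three unrelated links, while one keyed on the registrable domain sees a single campaign.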

Each Twitter botmaster uses a control panel like Twitter Supremacy to conduct their business. They offer two methods of gathering Twitter followers:

  1. Inactive followers: A Twitter username is required where followers are sent directly to the account.
  2. Active followers: A Twitter account login and password are required where they apply the follow first method.

Inactive followers are followers that do not interact with the user account; they are used mainly to increase the Twitter follower count. Active followers are followers that actually require full access to your Twitter account via their control panel. They claim to offer 100% real followers and allege that they manually invite each follower that they want to follow you back.

Twitter password required

The pricing structure for inactive followers is:

  • 5,000 followers for $29 USD [Delivered 3-5 days]
  • 10,000 followers for $39 [Delivered 5-7 days]
  • 20,000 followers for $59 [Delivered 10-15 days]
  • 50,000 followers for $119 [Delivered 20-25 days]
  • 100,000 followers for $219 [Delivered 25-30 days]

The pricing structure for active followers is:

  • 1,000 followers for $24 USD [Delivered 4-7 days]
  • 2,000 followers for $40 [Delivered 7-9 days]
  • 5,000 followers for $87 [Delivered 12-20 days]
  • 10,000 followers for $147 [Delivered 20-30 days]
  • 50,000 followers for $219 [Delivered 30-40 days]

The current bot campaign is running approximately 38 bots that tweet once per minute. Each bot sends 60 tweets per hour and 1440 tweets per day. With all 38 bots running, they will tweet 54,720 tweets per day. This botmaster is not the brightest crayon in the box — he may have forgotten to lay his bots down for a nap, or his control panel needs an alignment — his bots have currently been down for 4 hours. That could mean that this campaign is finished and that they are beginning a new campaign with a different domain and a new set of bots and scripts. Or Twitter busted them. Only time will tell.

Some bots are less annoying

I do not have a hash with automated tweet bots such as:

  • Tweets for community benefit [Earthquakes; weather; transit]
  • Tweets for a niche group of users [Infosec; WordPress]
  • Parody account tweets
  • Automated newsfeeds

With high-end bots quickly becoming more human-like in the Twittersphere, where they often interact with both you and me, it can become disconcerting to converse with a bot and not even be aware of it. Don’t you think that Twitter should implement some type of special profile indicator that acknowledges that they are bots?

Many of these high-end bots have actual bed times, Klout scores, and direct messaging (DM) skills. The old tell-all-I-am-a-bot stock photo and default egghead graphic has been replaced with authentic-looking photos. Higher-end bots also include affable and polished bio descriptions and customized header images, and they generally play nice in the Twittersphere.


Next blog post will feature TPH

I still have a Twitter @TinkerpuffHead (TPH) account that I created for the specific purpose of playing with fake followers. The last batch of 4000 fake followers was purchased at Fiverr back in late 2012. For a very short time TinkerPuffHead had 4,182 followers. Today she only has two followers:

  • A Defunct Spam bot: Carol Arciga (@Bettyann_388) created in June of 2012, who sent out 297 tweets from November 20-25, 2012.
  • Dan Tynan (@tynanwrites): I am not sure why Dan is following TinkerPuffHead, maybe he read my previous blog post.

Next month — TPH and I are planning a rendezvous that will include another batch of fake followers.

Mark your calendar!




One thought on “Twitter Bots: the scourge of the low-end spam bots”

  1. Very helpful Plus Great information,
    we appreciate advice especially coming from a professional.
    Thanks again and keep up the great work!


Submitted in: Bev Robb, Social Media, Teksquisite