Video Screencast Help
Symantec Appoints Michael A. Brown CEO. Learn more.
Security Response

Twitter Goes After Spammers

Created: 10 Apr 2012 23:28:32 GMT • Updated: 23 Jan 2014 18:16:17 GMT • Translations available: 日本語
Nishant Doshi's picture
+1 1 Vote
Login to vote

Twitter recently filed a lawsuit in the San Francisco Federal Court against five of the most aggressive spammers and spam tool providers. The defendants listed in the suit are TweetAttacks,TweetAdder, TweetBuddy, James Lucerno of justinlover.info, and Garland E. Harris of troption.com. We have been researching and tracking such spam and wanted to give you a rundown of the features and capabilities of some of these spam tools.

TweetAttacks

Figure 1. TweetAttacks
 

TweetAttacks positions itself as a Twitter marketing product. It has three versions: TwitterAttacks Pro, Twitter Attacks Lite, and TwitterAttacks Free Edition. It allows the user to post Tweets and re-Tweets through thousands of accounts simultaneously.

Figure 2. TweetAttack’s user manual
 

Some of the interesting modules are as follows:

Follow/Un-follow module: This module automates the process of following and un-following multiple users. It allows users to set policies for following and un-following, such as automatically un-following users who do not follow back after a predefined period of time. It also has many features to avoid getting the account banned by Twitter.

Direct Messaging: One can use this module to send Direct Messages to all followers.

@Reply and @Mention Generator: This module allows the spammer to send @replies to all users based on a particular keyword or context. So let’s say the scammer wanted to propagate a porn related link. They could use this module to find all users that have tweeted the keyword “porn” and then @reply to those users with a porn related link. The scammer could also use this module to Tweet malicious links as @mentions to a random number of Twitter users whom the scammer doesn’t follow.

Figure 3. Example of @Reply and @Mention generator
 

It also had a section on how spammers can propagate the scam survey links. It recommended the best time of the day to send the links, strategy used to get more followers for a newly created account, how many Tweets to send in a day, how to avoid getting suspended, and where to get the scam survey links.

Figure 4. Advice for potential spammers
 

TweetAttacks also offers a Twitter account creator service where one could get thousands of email verified Twitter accounts every day. These accounts would have real human names and pictures in the profile.

Normal Tweet Module: This allowed the scammer to automate the process of posting benign Tweets, Tweets that had no links and hashtags. The main goal here was so that the accounts last longer and look more legitimate.

ReTweet Attacks Module: Allows spammers to use other spam accounts to ReTweet scam Tweets. The reasoning behind this is that, although RT is just two letters, it automatically acts as a social proof and makes the Tweet look more legitimate.

Also TwitterAttacks did not use Twitter APIs. Most of the Twitter APIs are rate limited, so Tweet Attacks instead used automated scripts across distributed machines that mimicked normal Web browsers to access Twitter services. This ensured that this activity did not raise any alarm bells and allowed this high level of automation.

TweetAttacks Pro sells for $127 and the Lite version is available for $57.

TwitterAdders

Figure 5. TwitterAdders
 

TweetAdder has similar features to TweetAttacks.

Figure 6. A screenshot of some of its features
 

It allows the scammer to create and use multiple accounts, automatically follow and un-follow users, and automatically generate Tweets, Re-Tweets, @mentions, and @replies.

It also had a unique Tweet generator that allowed the spammer to post multiple Tweets that say roughly the same thing by replacing a few words in the Tweet with a set of alternate words as well as a feature to send randomly selected messages to users who follow the spammers.

Figure 7. TweetAdder GUI
 

It also recommended private proxy services to its customers. This allows the spammer to run TweetAdders from a bunch of private proxies. They also provide recommendations to Virtual Private Servers that the customer can use to host and run TweetAdder.

Figure 8. TweetAdder sells its product in packages of one, five, ten, or unlimited number of Twitter Profiles
 

We hope that these lawsuits reduce the number of scam Tweets on Twitter. We advise users to report spam and avoid clicking links from users they do not know.