Evading Twitter’s security algorithms, a mass-scale “botnet” advertising “adult dating” scam websites is back and is rapidly growing on the micro-blogging platform.
According to a blog post by Andy Patel, a researcher with the global cybersecurity firm F-Secure, Twitter had curbed most of the accounts of the earlier botnet called “Pr0nbot” which was discovered in March.
The earlier bot, however, is now back with a bang as “Pr0nbot2”.
“A month and a half ago, I uncovered a series of Twitter accounts advertising adult dating (read: scam) websites. I used a script to recursively query Twitter accounts for specific patterns, and found just over 22,000 Twitter bots using this process,” Patel wrote in a blog post on Friday.
Twitter, however, acted upon most of those accounts and shut them down.
Later, Patel modified his previous script and let it run again. “After 24 hours, my new script had identified just over 20,000 accounts,” he posted.
After four days, his script had found close to 44,000 accounts and eight days later, the total was just over a whopping 80,000.
“I shut down my discovery script at this point, having queried just over 30,000 accounts.
“I’m fairly confident this rabbit hole goes a lot deeper, but it would have taken weeks to query the next 50,000 accounts, not to mention the countless more that would have been added to the list during that time,” Patel said.
Twitter was yet to comment on this development.
The new bots show many similarities to the previously discovered botnet, such as similar pictures, the same URL-shortening services and similar usage of the English language.
However, the bot creators are re-tooling the new bots based on Twitter’s action against their previous botnet.
“Because these new accounts use a pinned Tweet to advertise their services, we can test this hypothesis by examining the creation dates of the most recent Tweet from each account,” Patel said.
“My current hypothesis is that the owner of the previous botnet has purchased a batch of Twitter accounts (of varying ages) and has been, at least for the last 21 days, repurposing those accounts to advertise adult dating sites using the new pinned-Tweet approach,” Patel claimed.