Almost 90,000 accounts have been removed from Twitter following ZeroFox's announcement of a huge botnet. Dubbed SIREN, it lures users in with sexually explicit messages, before linking them to pornography and dating sites.
Though the websites are all legal, ZeroFox reports that many of the subscription services mislead users. Profiles on the sites are often operated by the hosts and share user data with affiliate scam sites.
30 Million Clicks
Thanks to the security company's neural network, we now have a good idea how SIREN works. The accounts have posted over 8.5 million links, which travel through several redirect services before reaching the destination. The bots either reply directly to a user's tweets or attract users with their profile and bio.
These messages are generated using an identifiable pattern, starting with a sexual phrase followed by an encouragement to visit a link. The bots appear to repeat the same phrases, though most don't make a whole lot of sense. For example, one of the most popular is “want vulgar, young man?”
Despite this, the campaign has been very successful. Over 30 million users have clicked the links, and no doubt some of them fell for the scam. A big chunk of the bots have their language set to Russian and have Cyrillic characters in their usernames, leading researchers to pinpoint the Eastern bloc of Europe.
Thanks to ZeroFox's disclosure to Twitter on July 10, all of the accounts have been terminated, but it's not clear how long the respite will last. It's likely bots will appear again in another form, if not quite as wide-reaching as SIREN.
You can find the full information on the ZeroFox site.
Last Updated on August 4, 2017 11:57 am CEST