The Incredibly Annoying Twitter Porn Spam Attack of Late Winter, 2012

Tip: Read part 5 of “What Can You Do About Twitter Spam? What EVERY User Must Know” for more information on how spammers work.

From mid January through March, 2012, many more spam tweets than usual about porn were sent in several waves as @mentions to users on Twitter.

Spammers had created an enormous number of spam accounts in advance for a money-making campaign that also utilized some hijacked accounts (people who had their Twitter account passwords stolen).

While it is normal for spammers to send a lot of spam tweets for 1-3 weeks, this spam campaign lasted many more weeks than usual.

Twitter Suspends Spammers, Spammers Work Harder

Strangely, this was a sign that Twitter’s efforts to suspend spammers were having an effect, because spammers were forced to “burn” (let Twitter suspend) many more accounts than usual in this campaign of spam.

Here’s how it works, and why while this is a sign that Twitter is doing a good job, it’s still a problem for users.

Two Techniques of Spammers

Setting up the spam network

First, spammers create a lot of accounts that don’t spam, and appear to be real people. Then, they use a few of those accounts to send spam. Each time they do this, they find out what Twitter will allow and what will cause the accounts to be suspended. Then, they use what they’ve learned to have the next group of accounts behave differently when they start to spam, so they won’t be suspended as quickly (or at all).

Spam Technique #1

Here, spammers assume they will be able to spam from accounts that won’t be burned (suspended) quickly or at all, by using what they have learned from previous tests. This means they send a lower amount of spam in total, using fewer accounts overall. This requires spammers to learn from previous attempts and change techniques over time as they learn.

Spam Technique #2

But when spammers determine that Twitter has become very effective at suspending spam accounts quickly and consistently, they will use a much larger number of accounts, knowing that virtually all of them will be burned through quickly.

The problem for users is that first, even if an account is suspended after only one tweet, if you are the person that received that tweet, it’s very annoying.

But mainly, the problem for users is that the total volume of spam tweets is greater: You get more spam, and you wonder why Twitter isn’t doing more to stop it!

One problem with this technique is that spammers don’t have to be smart, they just need a lot of accounts they can burn.

Spam Tools

So another reason spammers might send more spam overall is when tools to create a lot of Twitter accounts improve, or improved tools reach the spam market.

When a spammer can create 1,000 Twitter accounts quickly and cheaply that look real, it’s tempting to simply “use them up” (let Twitter suspend them) by managing them in a dumb way, so that it’s easy for Twitter to suspend them.

What Twitter Needs To Do Next

What caused spammers to use so many more accounts (and send so much more spam) appears to have been both that Twitter was getting too effective at suspending “smart” accounts (that look real and try not to be suspended) and that tools for creating large numbers of accounts have gotten more effective.

Twitter probably needs to make it harder to create new accounts, and possibly stop delivering 100% of all @mentions to all users, or provide a filter of some kind such that you don’t receive @mentions from suspicious accounts (such as a very new account that you don’t follow) in the same way you receive them otherwise.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>