Over the last few weeks I have been noticing a new type of Twitter bot that has been rapidly increasing its activity. The newest series of bots do not appear to be the normal malicious virus linking type of old, but something quite different. After tracking what I’ve been seeing for a couple of weeks now, I decided to share what I’ve been seeing and offer some suggestions of how we can combat this added noise together.
Why is this important and how do harmless bots affect you anyway?
First, I think it is important to explain why this should matter to you. In fact having bots that are pushing an incredible amount of useless noise into the social graph (namely Twitter in this case) does affect you and here’s why. Twitter is a linear social network that displays status updates as they are posted by users. Unlike Facebook, which uses an algorithm to determine what posts to display in your newsfeed, Twitter simply displays posts as they are made, then those posts scroll down through the millions of others posts being made by others.
Having bots (virus laden or not) designed to automate posting of useless content, graphics or other posts to the Twittersphere only clutters newsfeeds and adds to the noise, making your posts less likely to be seen and therefore less effective. It is my belief that whether it is a bot like I am discussing today, or any other useless posting automation such as “my most influential followers”, “welcome tweets” or “I’ve added your tweet to my useless RebelMouse page”, all distract from the effectiveness of the Twitter platform.
Secondly, there could possibly be something far more sinister going on here. More on that in my summary below.
What I have found about these new bots:
I have noticed a pattern of these new bots. As you can see in the example pic to the right, they all seem to have some very similar traits that are slightly different from what I have noticed over the years. Here are some of what I have noticed:
About the Profiles:
1) They all usually have what appears to be a lifelike name.
2) They all usually have what appears to be a lifelike bio.
3) Most seem to have a USA location.
4) They never have a website link.
5) They all seem to have what appears to be a lifelike human photo that is not sexually charged as with other bots.
6) Many of the accounts show they were created some time ago in 2013
7) They all have virtually no followers and/or follow very few accounts.
About the Posts:
1) They often tag people they’re not following in their posts.
2) Their posts are clearly an automated compilation of pseudo retweets or comments on other people’s tweets.
3) They never include the link that was in the original post they are retweeting.
4) They sometimes upload an unrelated graphic for some of their tweets.
5) All of their tweets show they are post from “Mobile Web (M2)”. Meaning that they are using mobile protocols to send the tweets rather than standard web related functions. (THIS is extremely rare with most Twitter virus bots)
6) None of their posts are spam, virus links or contain URL links to various websites.
7) A percentage of their posts are text only and seem to be randomly generated sentences designed to get someone to engage with “What? or Huh?”. Ask what they are talking about or something along those lines.
A Summary and My Theory of what could be going on here:
The volumes of tweets coming from these clearly related bots is quit concerning. Of all of the bot incidents I have witnessed on the Twitter platform, this series is easily the highest quantity and diversity of content, tagging and so on. The sheer volume of the noise they are adding and the fact that many of the account creation dates are older, unlike most bots is making them fly under Twitters normal radar flagging.
But is there something more sinister going on here? I think that might be a possibility…
If some hackers have figured out how to flood Twitter with bot generated posting that can fly underneath Twitters radar better than anything else attempted before, using mobile protocols instead of web, are they simply perfecting their methods for something else? My concern is that these bots are potentially far more dangerous because the unique approaches they have taken, the volume they are able to generate and most importantly that they are more difficult for the average or inexperienced Twitter user to recognize as a bot. These culminate to create a perfect storm for a later virus campaign that could have massive implications to millions of people should my hunch be proven accurate.
So be aware these bots clusters are there, learn to recognize them and watch for changes that include URL links that are designed to execute a future mass virus attack through Twitter.
What can we do about it?
There are things we can and should be doing about this as responsible Twitter users, both to reduce the bot noise on the platform and for the potential security risk that it could potentially represent.
In short, report all Twitter accounts that you see that have these patterns. The more reporting for spam that is done on an account early in their tweeting cycle, the more of a red flag it is to Twitters systems. The longer an account goes without having numerous spam reports, the less likely Twitters security algorithms and teams are to catch it.
Have you noticed the flood of these specific bots on Twitter recently?
BundlePost 
Robert, great post, good on you for spotting this, caring enough to write about it and sharing your finding as and concerns. Agree with your conclusions, it feels like a long game is being played here.
indeed. If we all work together we can self-police the threat from this kind of stuff and better assist Twitter to manage and defend against the noise and security risks. Appreciate the comment and shares Tim!
One point of logic in your description doesn’t quite work: If they have virtually no followers then their tweets are most likely not in the streams my followers are seeing and are not pushing my content down for them. One or two, perhaps. They’re part of the search noise but not necessarily the daily noise for an individual.
I block any follower or account tagging me that has something fishy about it. If all of us do this that will start to affect their ability to keep the account alive.
Once they are tagging people and most aren’t easily identifying them as bots, I would completely disagree Barb.
Ah, the tagging–good point. Keep blocking .
I’m seeing a different kind of cluster that seems related. Because I have keyword searches set I’ve identified a pattern that looks like it’s aimed at building website traffic.
15 or so different accounts tweet the exact same link to a blog post.
Lots of hashtags.
Several hundred following/followers, several thousand tweets.
Profiles have links to sites (not necessarily the same blog as link).
They RT each other occasionally so it looks somewhat more organic.
The ones I ran across focused on travel and finance topics, making me wonder if there’s yet another level of ripoff in the works.
Certainly sounds similar Barb. One way to easily tell if it is related to what we wrote about is to see the “via” source. This can only be viewed using a third party dashboard, not on Twitter.com itself. Examples are via BundlePost or via Hootsuite – This denotes what app they are using to post to twitter. I believe the related bots all display an M2 as the source. Hope this helps.
Good Investigative work Robert. I too, had noticed a change in pulse and similarities in bots, just did not have the knowledge you have to break it down. . Thanks for sharing.
Thanks for looking into this and raising awareness, Robert! I am glad that you took the time to write this post as I agree that some tweets sent by these bots are not easily recognizable as spam at all.
The most recent one I spotted looked like one of our promo tweets.. the only problem was that the picture attached to it didn’t make much sense.. [Alert] : the picture is a little gross: http://ow.ly/FtXxh%5D.
Exactly the kind of stuff I am referring to. Good catch!
Good work!!!! I report 1-2 a day to twitter, though I haven’t checked if they have been taken down. Mine seem to be from Manchester UK, and always have pictures of wooden jewellery that has nothing to do with the post!!
Yes, they do vary, but the similarities across the board are pretty close. An infestation I think!
Hi Robert, I’ve noticed them too. I think they’re wholesale bots, created for those who are buying followers. They look real, they have a a small amounts of follows, tweets and rt. I’m guessing this gets them below the spam bot radar.
that could be part of it for sure Garry. Good eye.
Viruses can already be hidden in images so the concern that immediately comes to my mind is of them figuring out a way to transmit viruses through images previewed on Twitter. This could just be practice for that.