Over the last few weeks I have been noticing a new type of Twitter bot that has been rapidly increasing its activity. The newest series of bots do not appear to be the normal malicious virus linking type of old, but something quite different. After tracking what I’ve been seeing for a couple of weeks now, I decided to share what I’ve been seeing and offer some suggestions of how we can combat this added noise together.
Why is this important and how do harmless bots affect you anyway?
First, I think it is important to explain why this should matter to you. In fact having bots that are pushing an incredible amount of useless noise into the social graph (namely Twitter in this case) does affect you and here’s why. Twitter is a linear social network that displays status updates as they are posted by users. Unlike Facebook, which uses an algorithm to determine what posts to display in your newsfeed, Twitter simply displays posts as they are made, then those posts scroll down through the millions of others posts being made by others.
Having bots (virus laden or not) designed to automate posting of useless content, graphics or other posts to the Twittersphere only clutters newsfeeds and adds to the noise, making your posts less likely to be seen and therefore less effective. It is my belief that whether it is a bot like I am discussing today, or any other useless posting automation such as “my most influential followers”, “welcome tweets” or “I’ve added your tweet to my useless RebelMouse page”, all distract from the effectiveness of the Twitter platform.
Secondly, there could possibly be something far more sinister going on here. More on that in my summary below.
What I have found about these new bots:
I have noticed a pattern of these new bots. As you can see in the example pic to the right, they all seem to have some very similar traits that are slightly different from what I have noticed over the years. Here are some of what I have noticed:
About the Profiles:
1) They all usually have what appears to be a lifelike name.
2) They all usually have what appears to be a lifelike bio.
3) Most seem to have a USA location.
4) They never have a website link.
5) They all seem to have what appears to be a lifelike human photo that is not sexually charged as with other bots.
6) Many of the accounts show they were created some time ago in 2013
7) They all have virtually no followers and/or follow very few accounts.
About the Posts:
2) Their posts are clearly an automated compilation of pseudo retweets or comments on other people’s tweets.
3) They never include the link that was in the original post they are retweeting.
4) They sometimes upload an unrelated graphic for some of their tweets.
5) All of their tweets show they are post from “Mobile Web (M2)”. Meaning that they are using mobile protocols to send the tweets rather than standard web related functions. (THIS is extremely rare with most Twitter virus bots)
6) None of their posts are spam, virus links or contain URL links to various websites.
7) A percentage of their posts are text only and seem to be randomly generated sentences designed to get someone to engage with “What? or Huh?”. Ask what they are talking about or something along those lines.
A Summary and My Theory of what could be going on here:
The volumes of tweets coming from these clearly related bots is quit concerning. Of all of the bot incidents I have witnessed on the Twitter platform, this series is easily the highest quantity and diversity of content, tagging and so on. The sheer volume of the noise they are adding and the fact that many of the account creation dates are older, unlike most bots is making them fly under Twitters normal radar flagging.
But is there something more sinister going on here? I think that might be a possibility…
If some hackers have figured out how to flood Twitter with bot generated posting that can fly underneath Twitters radar better than anything else attempted before, using mobile protocols instead of web, are they simply perfecting their methods for something else? My concern is that these bots are potentially far more dangerous because the unique approaches they have taken, the volume they are able to generate and most importantly that they are more difficult for the average or inexperienced Twitter user to recognize as a bot. These culminate to create a perfect storm for a later virus campaign that could have massive implications to millions of people should my hunch be proven accurate.
So be aware these bots clusters are there, learn to recognize them and watch for changes that include URL links that are designed to execute a future mass virus attack through Twitter.
What can we do about it?
There are things we can and should be doing about this as responsible Twitter users, both to reduce the bot noise on the platform and for the potential security risk that it could potentially represent.
In short, report all Twitter accounts that you see that have these patterns. The more reporting for spam that is done on an account early in their tweeting cycle, the more of a red flag it is to Twitters systems. The longer an account goes without having numerous spam reports, the less likely Twitters security algorithms and teams are to catch it.
Have you noticed the flood of these specific bots on Twitter recently?