Twitter Spammers

Wherever there is opportunity and invention, you will find people who stoop low to take advantage!

I have had spam sent through Twitter, whether it be by spam bots or live spammers following me in the hope I follow back or Direct Messages if I am unlucky not to see through their spam disguise.

The most problematic version is using mentions to target people.

As an example, I got the following:

@deepwebdesign i got it today! yes!! http://bitly.thruhere.net/bluEt
From singh8567 via API

Now there are a couple of things that stand out here that make it look like spam:

  1. Default Avatar, spammers are lazy, but not even changing the default avatar is downright dumb. It is one of the first things I look at to determine if I want to continue on with this \”person\”
  2. Crappy Username, Nearly everyone I follow (if not all) has a well though out name as their username, not a name with 4 digits after it. Most likely singh8567 has been deleted 8566 times before now.

But the thing that really caught my attention was the shortened url.

Bit.ly is now the most common used url shortener and most people on Twitter and Facebook are used to seeing shortened urls. The risk is that a shortened url from a friend or follower is seen as a trusted source and is more likely to be clicked on.

Spammer use this behaviour to enhance the chances of their links being clicked. Twitter had a big problem with compromised accounts a while ago that were sending out urls designed to trick others to get infected.

Back to the tweet, you will see the url is http://bitly.thruhere.net/bluEt

So not bit.ly at all but thruhere.net.

This is a common trick used by phishers to make users think they are going to a trusted source. Since the shortened urls are often jumbled sets of letters, a url mistake is less likely to be detected.

I got onto longurl.org (where you can preview the destination of these urls) and the preview showed it to be a page about icons. Now the page may also have a more dangerous payload once you visit, I haven\’t tried 😉

Look for the obvious signs of spammers, usually they follow similar patterns and can be spotted.

As is usual, spammers will evolve their techniques to continually challenge our ability to detect the bull.