Tuesday, September 08, 2009

Tweet Theft Spam

I’ve been playing around with tracking spam and malware on Twitter, a project we call TwiGUARD, and have been learning new things.

Last night I was testing my TwiGUARD analysis tool and it marked a user as spam, but when I manually checked the profile, it looked legitimate. The user had some timely quotes and seemed to be a real person. Sure, it’s a real person who likes to retweet offers for free money, but who am I to judge?

Then a lightbulb went off in my head. I copied the non-spam looking posts into the Twitter search engine and found a young lady in Iowa had tweeted the exact quote an hour before. The spambot had simply stolen her tweet and copied it in order to appear as a legitimate person.

I found many other spambots who did the same thing. They simply track the top 10 “Tending Topics”, find people who replied to those topics, then steal other tweets those people have made.

Anyway, I feel like a parent who has been surpassed by his kid. I was fooled by the spambot, but my tool wasn’t.

Below are two screen shots of tweet theft I found while writing this post. It comes from parsing "#wheniwaslittle I", which is current the #1 “trending topic”. The first screen shot is the spammer (You can tell by the pleas to watch her dirty videos) followed up by a screen shot of the lass who made the original comment.

This is the spam!

This is the orginal comment.

1 comment:

Unknown said...

I've noticed such accounts too, lately. It always takes a second glance through the posts to see that either they're coming in at very regular intervals, coming in quickly but completely unrelated (really, you're taking a bath and at the movies in the same minute?), they have 5,000 followers after 35 updates in only 2 days, one or more posts (most likely the latest one) has a link to "check this out."

Lame, but I thought that was a nifty move too. I've seen it in some blog posts too, and that's even more wild, especially if a bot takes a preceding comment so it actually is in topic and may just look like a mis-quote or something.

Far better than the usual Engrish...