Botnets are fascinating to me. Who creates them? What are they for? And why doesn’t someone delete them? The answers are probably less interesting than I hope, but in the meantime I like to cheer when large populations of bots are exposed. That’s what security outfit F-Secure’s Andy Patel did this week after having his curiosity piqued by a handful of strange likes on Twitter.
Curious about the origin of this little cluster of random likes, which he just happened to see roll in one after another, he noticed that the accounts in question all looked… pretty fake. Cute girl avatar, weird truncated bio (“Waiting you”; “You love it harshly”), and a shortened URL which, on inspection, led to “adult dating” sites.
So it was a couple bots designed to lure users to scammy sites. Simple enough. But after seeing that there were a few more of the same type of bot among the followers and likes of these accounts, Patel decided to go a little further down the rabbit hole.
He made a script to scan through the sketchy accounts and find ones with similarly suspicious traits. It did so for a couple days, and… behold!
This fabulous visualization shows the 22,000 accounts the script had scraped when Patel stopped it. Each of those little dots is an account, and they exhibit an interesting pattern. Here’s a close-up:
As you can see, they’re organized in a sort of hierarchical fashion, a hub-and-spoke design where they all follow one central node, which is itself connected to other central nodes.
I picked a few at random to check and they all turned out to be exactly as expected. Racy profile pic, random retweets, a couple strange original ones, and the obligatory come-hither bio link (“Do you like it gently? Come in! https://techcrunch.com/2018/03/16/suspicious-likes-lead-to-researcher-lighting-up-a-22000-strong-botnet-on-twitter/
No comments:
Post a Comment