This site uses cookies. By continuing to browse this site you are agreeing to our use of cookies. Find out more.X

Twitter accounts created to spread spam, malware are easy to create and sell

Share this article:

A handful of researchers have published a study (PDF) exploring the seedy, underground world of Twitter spam.

 

The study was conducted over a 10-month period, during which time the researchers from University of California, Berkeley, and George Mason University – Chris Grier, Damon McCoy, Vern Paxson and Kurt Thomas, with help from others – made bi-weekly purchases from 27 sellers of Twitter accounts.

 

By the end of the study, the researchers had purchased more than 120,000 'dummy' Twitter accounts for just under $5,000. In addition, they reported their findings to Twitter, which suspended more than 95 per cent of the suspect accounts, including the ones under the researcher's control.

 

“The thing I found a little shocking is that these sellers were responsible for between 10 and 20 per cent of spam accounts,” McCoy, who helped present the findings this week at the USENIX Security Symposium in Washington, D.C., told SCMagazine.com.

 

The market is fairly above ground too, according to McCoy, so the researchers were able to discover sellers through simple Google searches. When asked, the merchants were able to provide thousands of accounts within 24 hours, with accounts priced anywhere from two to ten cents each.

 

The fraudsters were able to acquire many accounts in a relatively short period of time, largely through automated processes that circumvent Twitter's authentication features, McCoy said. This includes programs that solve CAPTCHAs and verify Twitter accounts with email addresses.

 

Twitter flags as suspicious when too many accounts are created from a single IP address, and McCoy said the sellers likely rented IP addresses as proxies, which allow them to evade network blacklisting.

 

Twitter accounts are easier to create and require users to jump through fewer hoops than those for other similar services, such as Google. The going rate for a bundle of a thousand Twitter accounts is about $20, McCoy said, while a package of a thousand Gmail accounts sell in the hundreds of dollars.

 

To help put a damper on spam account creation, the researchers offered suggestions to Twitter, such as requiring reauthorisation via email and verification via phone.

 

Twitter, and many other social media organisations, traditionally detect spam accounts by analysing users' behaviour. Spammers typically have a high distribution of posts, include URLs in their posts and have phony looking profiles. Twitter recently integrated a 'report abuse' feature, partly to battle spammers.

 

The purpose for users obtaining these accounts is typically malicious in nature, McCoy said, explaining the accounts are used predominately to distribute scams, malware and phishing attacks.

 

Twitter did not respond to an inquiry from SCMagazine.com, and although he could not speak on its behalf, McCoy said Twitter “wants to reduce the level of spam and give users a better experience. They were great at collaborating with us. Internally, they're making use of [our] data to find fraudulent accounts”.

 

McCoy could not comment specifically on the legality of creating Twitter accounts meant for malicious purposes, but said that selling them appears to be only a minor infraction per Twitter's terms of service, and that many sellers remain in this business.

 

“I think where they would run afoul is where they get their IP addresses,” McCoy said, adding that that would have nothing to do with Twitter.

Share this article:

SC webcasts on demand

This is how to secure data in the cloud


Exclusive video webcast & Q&A sponsored by Vormetric


As enterprises look to take advantage of the cloud, they need to understand the importance of safeguarding their confidential and sensitive data in cloud environments. With the appropriate security safeguards, such as fine-grained access policies, a move to the cloud is as, or more, secure than an on-premise data storage.


View the webcast here to find out more

More in News

SharePoint users break own security rules

SharePoint users break own security rules

Privilege controls can work, but cannot cater for all eventualities, says Quocirca analyst Rob Bamforth.

Heartbleed slows down the internet

Heartbleed slows down the internet

As Hearbleed slows down the internet, experts say that two-factor authentication may the way forward to protect our web sessions.

Biometric data collection sparks privacy debate

Biometric data collection sparks privacy debate

You could be implicated as a criminal suspect, just by virtue of having that image in the non-criminal file, says the Electronic Frontier Foundation (EFF).