This article was published on March 12, 2014

No, Twitter has not been hit by a massive spam botnet


No, Twitter has not been hit by a massive spam botnet

Earlier this week, programmer Paul Dietrich made a posting on the site Cryptome about what he called a “Massive Twitter Botnet,” which was then picked up by Hacker News as well as a few publications. Among other claims, he put together a list of some 35,000 fake twitter handles, which he believes belong to a single botnet that is retweeting spam messages on the social network.

Yet a closer look shows that this is by no means anything unique. Social networks the size of Facebook and Twitter often delete many more accounts in the space of just a few hours.

Here’s Dietrich, who believes the number could be bigger, although he has no hard evidence:

After a bit of study, I was able to trace the creation of the botnet back to March first, and I decided to get some idea of the scale of the botnet, I pulled 33 such spam tweets into a spreadsheet, and counted unique handles. The number I got was in excess of 34,000, from only that small sample. There are literally thousands of spam tweets from this botnet. The botnet could easily involve hundreds of thousands, or millions of unique handles.

Twitter is no stranger when it comes to dealing with fake accounts and the spam they spew. We got in touch with the company regarding this particular claim and it quickly became clear that “massive” is a gross exaggeration.

“We have a variety of automated and manual controls to detect, flag, and suspend accounts created solely for spam purposes,” a Twitter spokesperson told TNW. “We’ve also taken legal action to shut down these spammers — in April 2012 we filed suit against five of the most aggressive outfits.”

More specifically, the spokesperson reminded us that the service has over 240 million active accounts, of which some 5 percent at any given time it considers to be used just for pushing spam. That’s more than 12 million handles, making the 35,000 number rather puny, even if they were all linked to one botnet.

A “massive botnet” would have to include, well, a “massive” number of active accounts, all traced back to one control center. This botnet represents 0.29 percent of the number of active spam accounts that Twitter deals with at any one time.

We did our own analysis of the data Dietrich posted (zip file) and found that many of the accounts in question have already been deleted. Some still remain, so Twitter clearly still has work to do, but that’s the way spam fighting works: you’re never done.

Top Image Credit: Scott Beale/Laughing Squid

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with