Pornimage
Pornimage

A researcher who in 2016 uncovered roughly 500 bots programmed to create Twitter posts that advertise pornography found that about 20 percent of them were still active two years later.

Rob Cook, the senior analyst at Flashpoint who spearheaded the research, told SC Media that although the number of older pornbot accounts "was reduced by Twitter's action against them through abuse reporting," he was nevertheless "able to quickly identify new 'pornbots' using the same technique, which brought my list of accounts to nearly 60 in just a few minutes."

Moreover, these new bots were observed employing the same techniques as their predecessors, whose discovery was originally disclosed in a private company intel report. Techniques include using legitimate hashtags used by Fortune 500 brands and placing them beside various unrelated terms.

"I don't believe brands were specifically picked; it is possible that the bots used a script to pull hashtags and random word content from other Twitter accounts or some other feed," Cook added. "We think the goal here was to either build followers of the account, tweet numbers, and/or have viewers click on the links in the account's bio."

In a Feb. 12 company blog post, Cook reported that the set of observed pornbots "appears to be a mix of compromised accounts and accounts specifically created to advertise pornography... As such, organizations mentioned in these bots' pornographic advertising campaigns on Twitter may suffer reputational damage in addition to distorted social media engagement campaign metrics."

According to Cook, a recent analysis took note of three distinct sets of Twitter pornbots -- each of which promoted a different adult website, but all of which used identical hashtags, shared server infrastructure, and often leveraged the same profile pictures, suggesting they were part of the same malicious campaign.

All of the accounts' profile pictures were lifted and repurposed from open-source websites such as Instagram and Pinterest. Moreover, the false accounts presented links to adult dating or video websites by either displaying them within hashtagged tweets, or including them in the bio and pinned tweet.