
New crop of Twitter pornbots found advertising adult sites, misappropriating hashtags

A researcher who in 2016 uncovered roughly 500 bots programmed to create Twitter posts that advertise pornography found that about 20 percent of them were still active two years later.

Rob Cook, the senior analyst at Flashpoint who spearheaded the research, told SC Media that although the number of older pornbot accounts "was reduced by Twitter's action against them through abuse reporting," he was nevertheless "able to quickly identify new 'pornbots' using the same technique, which brought my list of accounts to nearly 60 in just a few minutes."

Moreover, these new bots were observed employing the same techniques as their predecessors, whose discovery was originally disclosed in a private company intel report. The techniques include taking legitimate hashtags used by Fortune 500 brands and placing them beside various unrelated terms.

"I don't believe brands were specifically picked; it is possible that the bots used a script to pull hashtags and random word content from other Twitter accounts or some other feed," Cook added. "We think the goal here was to either build followers of the account, tweet numbers, and/or have viewers click on the links in the account's bio."

In a Feb. 12 company blog post, Cook reported that the set of observed pornbots "appears to be a mix of compromised accounts and accounts specifically created to advertise pornography... As such, organizations mentioned in these bots' pornographic advertising campaigns on Twitter may suffer reputational damage in addition to distorted social media engagement campaign metrics."

According to Cook, a recent analysis took note of three distinct sets of Twitter pornbots -- each of which promoted a different adult website, but all of which used identical hashtags, shared server infrastructure, and often leveraged the same profile pictures, suggesting they were part of the same malicious campaign.

All of the accounts' profile pictures were lifted and repurposed from open-source websites such as Instagram and Pinterest. Moreover, the false accounts presented links to adult dating or video websites by either displaying them within hashtagged tweets, or including them in the bio and pinned tweet.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts, and video/multimedia projects, often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.
