Slashdot Mirror

← Back to Stories (view on slashdot.org)

3 Million Strong Botnet Grows Right Under Twitter's Nose (softpedia.com)

Posted by BeauHD on from the about-to-sneeze dept.

An anonymous reader writes: Somebody created a botnet of three million Twitter accounts in one single day, and Twitter staff didn't even flinch -- even if the huge 35.4 registrations/second should have caught the eye of any IT staffer. Another weird particularity is that the botnet was also synchronized to use Twitter usernames similar to Twitter IDs. Couple this with a gap of 168 million IDs before and after the botnet's creation, it appears that someone specifically reserved those IDs. The IDs were reserved in October 2013, but the botnet was registered in April 2014 (except 2 accounts registered in March 2014). It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them. [Softpedia reports:] "The botnet can be found at @sfa_200xxxxxxx, where xxxxxxx is a number that increments from 0 000 000 to 2 999 999. All accounts have a similar structure. They have "name" instead of the Twitter profile handle, display the same registration date, and feature the text "some kinda description" in the profile bio field. Additionally, there are also two smaller botnets available as well. One can be found between @cas_2050000000 and @cas_2050099999. Sadbottrue says it was registered between March 3 and March 5, 2015. The second is between @wt_2050100000 and @wt_2050199999, and was registered between October 23 and November 22, 2014." Both have 100,000 accounts each. Theoretically, these types of botnets can be used for malware C and C servers, Twitter spam, or to sell fake Twitter followers. At 3 million bots, the botnet accounts for 1% of Twitter's monthly active users.

9 of 48 comments (clear)

  1. So... by msauve · · Score: 5, Funny

    Does this mean that twitter is finally figuring out how to make a profit?

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  2. Quantity good, Grog rich! by Tablizer · · Score: 2

    even if the huge 35.4 registrations/second should have caught the eye of any IT staffer...

    Staffers were probably thinking, "Oh good, a big juicy user-signup bonus check!", not unlike the no-doc loan grab that crashed the world economy.

    --
    Table-ized A.I.
  3. Re: Do we really need to learn Twitter's technical by Anonymous Coward · · Score: 4, Funny

    I thought the summary was well presented that even you could understand it.

  4. Re:Do we really need to learn Twitter's technical by zrobotics · · Score: 3

    Umm... not only does my code make professionals cry, but I'm not even a twitter user and I could grok this easily enough. How is this confusing, they simply list the user number ranges that were registered and how to view the bot accounts. What I would have liked to see is some information on how they were able to register so many accounts in such a short time. Whoever owns this twitter bonnet must also have access to a reasonably sized botnet; there's no way only a few IP addresses could register that many accounts that quickly. Perhaps that is the reason all the accounts were registered so quickly, but it seems like a poor strategy to avoid detection. I guess they are assuming twitter has no interest in dropping 1% of their users banning a single botnet.

  5. Proabably test accounts by bigsexyjoe · · Score: 5, Interesting

    If Twitter doesn't nuke these accounts pretty quickly, we can be pretty sure they are test accounts. I mean 3 million botnets could easily destroy twitter.

    I think very telling is this part: "It's like Twitter's registration process skipped 168 million IDs, and someone came back a few months later and used them." Yes. Twitter reserved them and used them. They are the only ones who can line up user names with ids like that.

    --
    Democracy Now! - your daily, uncensored, corporate-free
  6. Re:Do we really need to learn Twitter's technical by negRo_slim · · Score: 2

    I've seen some pathetic whining on here before but whining about maybe needing to actually read the article is an all new level of pathetic.

    --
    On the Oregon Cost born and raised, On the beach is where I spent most of my days
  7. Re: Do we really need to learn Twitter's technical by NatasRevol · · Score: 2

    Sounds a LOT like you want more than a summary. Where details aren't always explained. Hence the reason it's called a summary...

    Maybe try the article?

    --
    There are two types of people in the world: Those who crave closure
  8. Re:Do we really need to learn Twitter's technical by stephanruby · · Score: 3, Informative

    Please do not re-use the term botnet for this. That term was obviously used to overstate the importance of this story. This is the current definition of a botnet.

    a network of private computers infected with malicious software and controlled as a group without the owners' knowledge, e.g., to send spam messages.

    This isn't a botnet. This is botspam. And for all we know in 2014, Twitter wasn't even checking that new accounts were created through different ip addresses, for the simple reason that companies like Twitter often tout the number of accounts created on their platform as their own measure of success.

  9. Re: Do we really need to learn Twitter's technical by AmiMoJo · · Score: 2

    The summary is supposed to help me decide if I want to read the article* and comments. I know people complain about dumbing down, but it is possible to write a summary that is both intelligible by people not familiar with the jargon while still presenting some relevant technical detail.

    In this case I think the use of the word "botnet" is highly misleading and adds to the confusion.

    * ha ha, yeah ok

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC