Jun 13

Twitter zombies and content theft

A few days ago, I noticed a new follower that didn’t look quite right. Check it out for yourself (@KoriWilbur).

I’ve never been a fan of people who use Twitter just to spray links – especially if they all lead back to the same site. There’s very little value in such a Twitter account. But when an account like this shows up, and all of the tweets have something in them that looks like a pattern (here the “$ ” preceding the actual content of the tweet, it looks even more strange. What’s funnier though, is Twitter on iOS provides a list of three accounts that are “Similar to …” and links to them. So when KoriWilbur started following and the account stood out, I happened to notice the similar accounts that Twitter said were similar. Man, was Twitter spot on.

Twitter recommended @CorettaBerk, @LuannJohn, @HilmaErvin, @LilliMoffett, and @MieshaTuttle, among many others. The more I refreshed, the more accounts it provided that were eerily similar. There were dozens and dozens of accounts using this same MO.

The person building out these accounts did a really exceptional job of trying to bury their “undeadness”. They always seem to have a unique profile picture and usernames that match full names (always female, as Twitter grifters like to do), some actual pictures/videos that the profile has posted, which tends to lend authenticity to a zo semi-unique bio, and the URL in their bio is always self referencing (back to their own Twitter profile). A key difference was that different accounts used a different tweet suffix than the “$ ” that my original follower did, such as “! “, “@ “, or “# ” (note that it often, but not always seemed to be a shift+numkey value – another example was “\\ “). Also, it appears that they try to often use different URL shorteners across the accounts, even when linking to the same topic.

Speaking of links – the links always go to mobilephoneadvise.com, which I had never heard of before this. Now I know why. They just plagiarize content.

Take a look at this post on mobilephoneadvise.com. Now take a look at this post on TechCrunch. They’ve blatantly lifted content off of TechCrunch (which seems to be the favorite site for mobilephoneadvice.com to steal from) and posted it on their own site. Intermingled amongst the pilfered content are links to games. Not even game reviews, mind you, just the same approach to games as content. See this game site, and then the post about the game on mobilephoneadvise.com. The entire overview paragraph is lifted from the developer’s site. At a quick glance, at least one the samples I downloaded even appeared to be malware.

In short, there’s nothing good going on at that site, and they’re another example of individuals gaming Twitter for personal gain – and in this case stealing content and possibly infecting devices to do so.

May 13

Twitter zombies? My favorite.

Within the last few weeks, a very annoying trend on Twitter began to pique my curiosity. I saw random accounts that don’t follow me marking some of my tweets as favorites. What was weird though was the tweets that were getting marked weren’t, frankly, my best work. But I started noticing more about these accounts.

First of all, as I said, the accounts that seemed odd were generally marking odd tweets as favorites. Take this tweet for instance, which has three weird accounts that have favorited it (and my friend, who was just being punchy). A few other examples that friends on Twitter noted are here, here and here. While I thought it was interesting that this one of mine was the last tweet of the day for me, it wasn’t in the case of my friends, although the tweets do tend to be marked in the evening.

The second thing I noticed about the accounts marking these was that they always had names that were nonsensical given their username. Take this one for instance. Username is Rossiengkh, name is Rosalina Harrey. The usernames of these accounts seem to consist of a first name and generally 3, 4, or 5 gibberish characters appended. The more I looked, the more often I found that the names on the account were completely unrelated to the username – or pictures that were even of the wrong gender. Pictures of men with female account names, etc.

Next, I noted that all of these accounts had few tweets (generally less than 20) and were created recently (May 3, 2013, in the case of the account above).

Upon examining each of these accounts when they marked a favorite, I found that most of them had quite a few accounts they were following, and quite a few accounts following them. The patterns I noticed with my initial favorite zombie continued through all of the accounts they were following. For example, look at all of the accounts Rossiengkh is following. When it came to their followers, the story was different. All of their earliest followers match the pattern as well (again, see those of Rossiengkh).

It’s here that I’d like to theorize why these bots don’t spam, but rather favorite tweets instead. It’ll make sense in a minute. First, imagine you’re a really new user on Twitter. Suddenly, out of the blue, some user, likely following more people than you, and more followers than you, favorites one of your tweets. You maybe poke at their account a bit, notice their followers/followees, and that they have a few tweets. So you follow them. NOOOOOO!!!!!!!!

That’s why these zombies all have nobody they are following that is legitimate, and their accounts all began with a similar stack of zombie followers, to add cred. While some of us who have been on Twitter for a while noticed the funky smell from these accounts, new users aren’t generally aware that there are people gaming Twitter.

What’s most interesting is that many of these zombies are marking tweets as favorites that existed before their account did (the account above, created in early May, has favorites dating back into at least 2012). I didn’t even know you could mark tweets that existed before your account did as favorites, though I guess on some plane it makes sense.

So… Why all this trouble? Why build out a network of accounts following other accounts, following other accounts? Favoriting random things on Twitter? To sell followers, of course!

Follower counts generally aren’t vetted – people don’t go through and scan your followers to see if there are real people following you or not (well, not always). But buying followers, as questionable as it is, appears to be a thing to artificially add credibility to an account. I think it’s pretty sleazy and frankly devalues Twitter.

So let’s talk about one more thing almost all of the zombies have in common. Not all of them, mind you, but most of them. A short URL in their Twitter bio that at first glance appears relatively unique, and uses either bit.ly, tiny.cc, or tinyurl.com (the latter of which has now seemingly killed off the use of their service for this scam). I haven’t tabulated how many unique URLs there are (let alone how many zombies there are), but I can only assume there are quite a few. But more importantly, these URLs are not actually unique underneath.

If you click on the URLs, the final destination that you wind up with is followersdelivery.com (no link because I don’t want them to get SEO). However, they appear to have a layover along the way, at bestgod.info. Followersdelivery.com was registered through GoDaddy on February 24 of this year, with a one year registration. The registrant is an individual in Zagreb, Croatia, with – I believe – a postbox. More interestingly, bestgod.info was registered on March 24 of this year, and was last edited two days ago, on Friday, May 24. Even more interesting? That domain was registered with fake credentials through Wild West Domains, LLC. The Spurger, TX address used to register the domain doesn’t exist, and the phone number is dead.

The initial bestgod.info domain appears to do a client-side redirection to the final destination. I’ve seen this trick done before, and there’s often logic thrown in on the client side (or even before then in the server redirection) that may be defeating Twitter’s ability to detect or block this URL (assuming they’re trying to). I mentioned over a year ago the risks of trying to unwind URL shorteners when it comes to really knowing what site is at the end of the link.

But the funniest part of this exercise has to be reading the followersdelivery.com site. The site advertises (shocker) all of the following for sale in bulk:

  • Twitter followers
  • Facebook likes
  • YouTube views
  • Instagram followers

The price of Twitter followers?

  • $20 – 1,000 followers (within 24 hours)
  • $50 – 5,000 followers (within 24 hours)
  • $80 – 10,000 followers (within 48 hours)
  • $170 – 30,000 followers (within 48 hours)
  • $420 – 100,000 followers (within 3 days)

My favorite part of the followersdelivery.com site, though, has to be the following, on their FAQ page:

Can I trust Followers Delivery? Are you a reputable company?
For many people, our services seem too good to be true, so we get this question asked all the time. Followers Delivery offers very popular social media services, low pricing and excellent customers support. We believe in offering an exceptional service to all of our customers and clients. Read the reviews that our customers have left us, we are sure you’ll be impressed.

And this little gem (underline emphasis mine):

Are these real users? How do you gather the followers?
Absolutely! We guarantee that these Twitter followers are real people and that no bots or proxies will be used in the delivery of your Twitter Followers.We rely purely on proprietary marketing and promotion techniques to get the job done right. We also own and operate a few high traffic Fan pages, Twitter accounts, Youtube channels and website which we use to generate real social media users for our customers.

<SPIT TAKE/> Yes. I’m sure that those are all real people that I’ve called out above. The Twitter undead.

It gets more interesting, though, as Followersdelivery.com was explicitly called out for their role in Michelle Malkin’s Twitchy site investigating Rachel Maddow. Note that even then the site had recently been suspended by the registrar hosting it. I’m not exactly sure who paid for what in that instance either (and frankly, given the low cost of buying followers, I can imagine someone paying to have an opponent’s Twitter presence defamed by “throwing” fake followers at their account). Regardless, I hope that Twitter does something to block this service relatively soon.