Actor groups from this area of Europe have been known to run spam infrastructures similar to this campaign.As of 10 July, Zero FOX disclosed all of the Twitter profiles and posts to the Twitter security team, who subsequently removed them.Many of the websites’ policies claim that the site owners operate most of the profiles.
Zero FOX is actively sending data to the networks to curb the botnet spam for users.
All fraudulent activity shown in this post has been reported to the social networks for immediate removal.
, which are collections of accounts controlled by a central command.
A bot is any account that is controlled not by an organic user but by some form of automation.
This observation was notable given that 12.5% of bot displaynames contained letters from the cyrillic alphabet corresponding to common female Russian names.
The poor English, Cyrillic text and sheer magnitude of the infrastructure is indicative that SIREN is a group or actor that is technically proficient and probably located in the Eastern Block of Europe.
Twitter was prompt and efficient in their takedown, as the malicious botnet is in clear violation of their Terms of Service.
Zero FOX also disclosed all of the short urls to Google Security Team, who subsequently removed them and added the long Url domains into their blacklists.
There were 26 options for the First Phrase but only 8 for the Second Phrase, and all phrases were identical down to the level of individual capital letters.