Analysts recently investigated the trend of adult entertainment-themed Twitter bots known as pornbots. These bots post tweets with hashtags containing popular brand names alongside random, unrelated terms. The observed set of pornbots appear to be a mix of compromised accounts and accounts specifically created to advertise pornography. As such, organisations mentioned in these bots’ pornographic advertising campaigns on Twitter may suffer reputational damage, in addition to distorted social media engagement campaign metrics.
In recent years, Twitter has become a primary form of external, two-way communication and engagement for organisations across all sectors. For example, companies often use hashtags to monitor the spread and reception of marketing campaigns and sponsored events. More crucially, emergency services may use hashtag tracking to gain real-time insight into current situations during natural disasters and other crises. In a worst-case scenario, pornbots or other spambots could identify a trending hashtag and distort the conversation by sharing unrelated or false information.
Flashpoint analysts identified three distinct sets of pornbots using identical hashtags, indicating they were likely part of the same organised campaign. While similar in appearance and often using a common set of profile pictures across the groups, each promoted a different adult website. However, the three adult websites linked the profiles were hosted on one of two common servers, which may indicate the pornbots share a common origin. Flashpoint analysts did not detect any malicious files on the servers hosting the websites advertised by the pornbots.
Flashpoint analysts observed two primary methods of advertising across the pornbot accounts:
Over the course of their investigation, Flashpoint analysts noted several common traits that can be used to identify pornbots and other spambots:
The following mitigation measures may help reduce the number of pornbots and spambots using brand names. These steps may also reduce the number of false detections and aid in validating social media metrics: