Detecting Twitter spam and threats

David Maynor, over at Errata Security’s blog explains how he got fooled by a spambot. Using their TwiGUARD analysis tool, he discovered a profile that to him seemed legitimate, with “normal” sounding tweets. What the tool managed to excavate from this heap of tweets were a few that were decidedly spam.

Maybe you’re guessing already how this came to be? By running the non-spam posts through the Twitter search, he found that another person tweeted precisely the same post a short time before. So, the spambot only had to steal and copy the tweet into its profile to gain a semblance of legitimacy.

There are obviously many, many more spambots that exibit the same behaviour (compare the last tweet to the previous few):

TwiGUARD is a free, experimental service for detecting Twitter spam and threats, which lets Twitter users check if a follower is a spammer or if a link embedded in a tweet is malicious. It’s applications scour Twitter in real-time and add any discovered threats to a database that can then be used to block threats like phishing attacks, new viruses, and different forms of unsolicited advertising.