Evil Twitter Tweets

by Fred Showker

... continued from the previous page.

Bottom Line: Twitter Traps disguised as "Photoshop"

By this point, I know I've been had. Did you keep count of how many pages and clicks we went through? We were unable to calculate how much revenue we generated for the various players in this game, but it's more than just a few. Are they all somehow related? No idea. But we do know that stalker links all along the way were sending referral pings to other various sites, and recording our actions. A quick Google Search on the actual file reveals that the actual file was only posted 12 hours ago -- about two hours before this tweeter began tweeting these tweets. (There is no guessing how many re-tweets it got, all from over-zealous Twitter tweeters.)

Now, for a real wake-up call, this Google search will illustrate how many people have replicated THAT file across the internet! So, here's Today's Search. Can you believe that??? From three to hundreds?

Ask a few questions

I continued searches for about an hour and failed to reveal any other mention of who "Ron" is, or where the file may have originated. However I did gather some interesting information about how a Twitter user can be lead down a trail that does nothing but produce someone else revenue.

NOTE The domains in the trail after Twitter are outside the U.S.
NOTE Download links are in Amsterdam, Netherlands, at three IP blocks known for spam and malware.
NOTE "Download Turk" is in Cyprus with forged Whois info.
NOTE Download domains use WhoisGuard "spam" domains, a known spam / malware trick to evade detection
NOTE The "Bit.ly" link in the tweet went to a site in Delhi, India.
NOTE All of the pages and links encountered in this exercise follow patterns documented as similar to those used by cybercrime, stalking and phishing entities. This tweeter, or who ever is behind this sad trail went to great measures to avoid detection or identification.

Who do you follow on Twitter?

Can we draw some connection between this sordid trail of abuse and the person who kept tweeting this again and again? I don't know. There's no clue as to who is, where he's at, or why he's tweeting so much about Photoshop. Maybe he's just an over-zealous fan.
NOTE He has 1,849 followers, and he follows 85
NOTE he has tweeted more than 7,096 tweets
NOTE He has tweeted 80 links in the past 12 hours. (one every 9 minutes)
NOTE One link was tweeted 19 times, and another 24 times in that period - which leads me to believe they are somehow connected to him, or a revenue source for him. Why else would you tweet so many times in so short of period of time? What did you do 80 times in the last 12 hours?

I checked a few of the other links in his feed, and they went along the same scenario, other than an occasional link to CreativePro, Smashing or some other valid address. Yet, NONE of the links went to the original author's site. ALL went to some site replicating the same links to other sites.

I've run out of time. But you get the picture. If this particular episode is truly innocent, then fine. But what worries me is all those 1,700 followers are re-tweeting the same links. This particular link does eventually get you the file. But only after some considerable time and effort -- while all the time, you don't have a clue whether or not the file is any good, or if it's just malware to plant a worm or zombie on your computer.

I would provide the file here for you and save you the trouble, however: the file "Ron_artistic_edges.rar" contains a .exe file that won't load on the Mac. So if I cannot proof it, then I'm not going to provide it for download. For all I know it's carrying a worm -- this scenario is characteristic of Botnet worm purveyors. The folder also contains a link and an ad for templates4share dot com located in Saarbrcken, Deutschland ( where every single download follows the above twists and turns to renegade download sites. Some end up on Pharma-spam pages rather than online gambling. So I'm immediately suspicious of connections between this file provider and cybercrime.

Be careful what you click -- beware of malware and phishing sites Ladies and gentlemen, please do us all a favor:
NOTE DO NOT TWEET unless you KNOW what you are tweeting, and
NOTE DO NOT CLICK on images, links or perceived downloads until you
NOTE LOOK at the status bar and understand where the link will take you.
In the course of writing this article we encountered more than a dozen other heavy tweeters in the Photoshop genre which follow the SAME pattern.

Like always say: it's a jungle out there!

Thanks for reading

Fred Showker

Don't forget ... we encourage you to share your discoveries about favorite or famous graphic designers and illustrators with other readers. Just comment below, join the forums for discussion, or give me a tweet at Twitter/DTG_Magazine

Here are just a few of the evil goings-on behind the scene of tweeting, and, just a few more things to watch out for in the online jungle:
Warning: Evil Tweets
Evil Twitter Marketing Techniques
Classic (And Evil) Twitter Spam
How to increase Twitter Followers... the evil way!
State of Twitter Spam
Here Comes Twitter Spam And How To Fight It (techcrunch.com)
Twitter Spam: 3 Ways Scammers are Filling Twitter With Junk
Get Paid To Tweet? (Twitter)
Can You Get Paid to Tweet?

27th Anniversary for DTG Magazine


On April 5th, JudyAnn Dutcher said:

You are very wise and I appreciate the education.

On December 8th, Su Hall said:

FYI - Ron is this Ron: http://www.devineydesigns.com/
It looks to me like his works are some of the most jacked works of all time.

Thank you for this post. While I don't do alot with Twitter, I see similar scenarios throughout the web. Good info to know!

Su Hall

On February 13th, kristine said:

twitter is an online social networking service and microblogging service that enables its users to send and read text-based posts of up to 140 characters, known as "tweets". See the site below it helps you to find more information.


Post new comment

The content of this field is kept private and will not be shown publicly.

This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Enter the characters shown in the image.