Breaking Bad Fans Targeted in Twitter List Spam

On the heels of its most highly acclaimed episode, Breaking Bad fans tweeting about the popular AMC show may find themselves targeted by a new Twitter spam tactic.

Traditionally, spammers and scammers abused the reply functionality built into the service but over the years, spammers have searched for different ways to gain visibility amongst Twitter users. The most recent tactic being utilized is called list spam.

A Twitter list consists of a curated group of Twitter users. Users can create their own lists or subscribe to existing lists already created by others. Spammers are using this feature to get the attention of Twitter users.

Various lures have been used in Twitter list spam recently, from offering celebrity phone numbers to free gift cards, devices, and video games.
 

Breaking Bad 1.png

Figure 1. Twitter spam account for Breaking Bad
 

This weekend, the penultimate episode of Breaking Bad, “Granite State,” will air. The show has received a lot of buzz and fans, like myself, have eagerly counted the days until Sunday. Spammers are riding the coattails of the show’s popularity in an attempt to trick users into downloading a leaked copy of the next episode.
 

Breaking Bad 2.png

Figure 2. Twitter lists used in Breaking Bad spam
 

Twitter list spam starts off with being added to a list along with thousands of other users.  Usually, this type of spam requires you to visit the list creator’s page to see the spam link. In this case however, the link is presented in the list description.
 

Breaking Bad 3.png

Figure 3. Pastebin contains links to file hosting services
 

The URL leads to Pastebin, which contains links to different file hosting services for downloading the episode.
 

Breaking Bad 4.png

Figure 4. File hosting services hosting an episode of Breaking Bad
 

The file hosting services contain a 280MB file for the user to download. Additionally, users can opt to download a torrent file to use peer-to-peer downloading to obtain the episode.
 

Breaking Bad 5.png

Figure 5. File contained within the archive
 

Once downloaded, there are two files in the Zip: a text file named “How To Open – READ FIRST.txt” and a large file (nearly 300MB).
 

Breaking Bad 6.png

Figure 6. Readme text file contains a shortened URL
 

In order to open the large file, users are instructed to download the latest version of 7-Zip. The link directs users through an affiliate program, which is how scammers make money. The affiliate program directs users to an installer that comes bundled with other applications. Users can choose not to install these applications.
 

Breaking Bad 7.png

Figure 7. Breaking Bad season 5, episode 12
 

Ultimately, installation of this file is unnecessary as the video file can be opened in any media player. Unsurprisingly, the downloaded episode is from earlier this season.
 

Breaking Bad 8.png

Figure 8. Reporting spam account to Twitter
 

Twitter list spam is a new trend, one that is gaining quite a bit of traction. If you find yourself added to a Twitter list, you can remove yourself from the list by reporting the user that added you.