An invasion of over 90,000 pornbots on Twitter linking to subscription pornography, fake dating sites and lewd webcams has been shut down by the social media site, but not before the salacious tweets amassed over 30 million interactions from Twitter users.
The botnet campaign, dubbed Siren, reportedly produced over 8.5 million spam tweets containing explicit content and links that redirect to potentially fraudulent porn or dating sites. The flood of pornbots was eventually eradicated by Twitter after digital security company ZeroFox handed over the details of each account.
Baltimore-based ZeroFox described the botnet scam wave as "one of the largest malicious campaigns ever recorded on a social network." The company noted that the majority of the accounts were set up with a female profile image and display name to entice users to click links, a method that appears to have worked considering the number of clicks generated by the campaign.
"The accounts either engage directly with a target by quoting one of their tweets or attracting targets to the payload visible on their profile bio or pinned tweet," ZeroFox said.
It also noted that while it had not observed overt phishing or malware activity during its six-month investigation, "malvertising and redirection to websites with exploit kits is easily accomplished due to the plug and play architecture that Siren employs."
The influx raises questions about how such a large number of fake accounts evaded Twitter's anti-spam methods. ZeroFox noted that around 20% of the accounts posted their first tweets a year on from their initial activation in order to avoid detection.
As for the source of the spam campaign, ZeroFox determined that Siren could be associated with Deniro Marketing, a Californian company that has previously been connected to dubious adult dating sites with paid subscriptions.
While it found that 40% of the accounts were associated with Deniro, ZeroFox asserts that Siren's origin is more likely to be an Eastern European country or Russia, as many of the accounts' language settings were Russian and several user names contained Cyrillic letters.