Commercial Twitter spamming tool hits the market

Summary:Last week, a commercial Twitter spamming tool (tweettornado.com) pitching itself as a "fully automated advertising software for Twitter" hit the market,  potentially empowering phishers, spammers, malware authors and everyone in between with the ability to generate bogus Twitter accounts and spread their campaigns across the micro-blogging service.

Last week, a commercial Twitter spamming tool (tweettornado.com) pitching itself as a "fully automated advertising software for Twitter" hit the market,  potentially empowering phishers, spammers, malware authors and everyone in between with the ability to generate bogus Twitter accounts and spread their campaigns across the micro-blogging service.

TweetTornado allows users to create unlimited Twitter accounts, add unlimited number of followers, which combined with its ability to automatically update all of bogus accounts through proxy servers with an identical message make it the perfect Twitter spam tool.

TweetTornado's core functionality relies on a simple flaw in Twitter's new user registration process. Tackling it will not render the tool's functionality useless, but will at least ruin the efficiency model. Sadly, Twitter doesn't require you to have a valid email address when registering a new account, so even though a nonexistent@email.com is used, the user is still registered and is allowed to use Twitter.

So starting from the basics of requiring a validation by clicking on a link which will only be possible if a valid email is provided could really make an impact in this case, since it its current form the Twitter registration process can be so massively abused that I'm surprised it hasn't happened yet. Once a Twitter spammer has been detected, the associated, and now legitimate email could be banned from further registrations, potentially emptying the inventory of bogus emails, and most importantly making it more time consuming for spammers to abuse Twitter in general.

If TweetTornado is indeed the advertising tool of choice for Twitter marketers, I "wonder" why is the originally blurred by the author Twitter account used in the proof (twitter.com/AarensAbritta) currently suspended, the way the rest of the automatically registered ones are? Pretty evident TOS violation, since two updates and 427 followers in two hours clearly indicate that a spammer's tweeting.

Topics: Security, Social Enterprise

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.