Commercial Twitter spamming tool hits the market


Last week, a commercial Twitter spamming tool (tweettornado.com) pitching itself as a "fully automated advertising software for Twitter" hit the market, potentially empowering phishers, spammers, malware authors and everyone in between with the ability to generate bogus Twitter accounts and spread their campaigns across the micro-blogging service.

TweetTornado allows users to create unlimited Twitter accounts and add an unlimited number of followers. Combined with its ability to automatically update all of the bogus accounts with an identical message through proxy servers, this makes it the perfect Twitter spam tool.

TweetTornado's core functionality relies on a simple flaw in Twitter's new user registration process. Tackling it will not render the tool's functionality useless, but will at least ruin the efficiency model. Sadly, Twitter doesn't require you to have a valid email address when registering a new account, so even though a nonexistent@email.com is used, the user is still registered and is allowed to use Twitter.

So starting from the basics, requiring validation by clicking on a link, which is only possible if a valid email is provided, could really make an impact in this case. In its current form the Twitter registration process can be so massively abused that I'm surprised it hasn't happened yet. Once a Twitter spammer has been detected, the associated, and now legitimate, email could be banned from further registrations, potentially emptying the spammer's inventory of bogus emails and, most importantly, making it more time consuming for spammers to abuse Twitter in general.
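The mitigation proposed above, sketched as an added example (not code from the article or from Twitter): an account stays inactive until a signed, expiring token mailed to the registered address comes back, and the address of a detected spammer is refused afterwards. The `Registry` class, its method names and the 24-hour token lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)   # server-side signing key, generated for this example
TOKEN_TTL = 24 * 3600              # assumed lifetime of the confirmation link, in seconds

def _sign(email, expires):
    return hmac.new(SECRET, f"{email}|{expires}".encode(), hashlib.sha256).hexdigest()

class Registry:
    """Hypothetical account store: an account cannot post until its e-mail is confirmed."""
    def __init__(self):
        self.accounts = {}         # normalized e-mail -> True once confirmed
        self.banned = set()        # addresses burned after spam was detected

    def register(self, email, now=None):
        """Create an inactive account; return the token that would be mailed as a link."""
        email = email.strip().lower()
        if email in self.banned or email in self.accounts:
            return None
        expires = int(now if now is not None else time.time()) + TOKEN_TTL
        self.accounts[email] = False
        return f"{expires}.{_sign(email, expires)}"

    def confirm(self, email, token, now=None):
        """Activate only when the token mailed to this address comes back in time."""
        email = email.strip().lower()
        now = now if now is not None else time.time()
        try:
            expires_s, sig = token.split(".", 1)
            expires = int(expires_s)
        except ValueError:
            return False
        valid = hmac.compare_digest(sig.encode(), _sign(email, expires).encode())
        if not valid or now > expires or email not in self.accounts:
            return False
        self.accounts[email] = True
        return True

    def can_post(self, email):
        return self.accounts.get(email.strip().lower(), False)

    def ban_spammer(self, email):
        """Spam detected: drop the account and refuse the address from now on."""
        email = email.strip().lower()
        self.accounts.pop(email, None)
        self.banned.add(email)
```

A registration made with an address the registrant cannot read, such as the article's nonexistent@email.com, never receives the token and so never becomes able to post.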

If TweetTornado is indeed the advertising tool of choice for Twitter marketers, I "wonder" why the Twitter account used in the proof (twitter.com/AarensAbritta), which the tool's author originally blurred, is currently suspended, the way the rest of the automatically registered ones are? It is a pretty evident TOS violation, since two updates and 427 followers in two hours clearly indicate that a spammer is tweeting.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

19 comments
  • Is this English?

    "I "wonder" why is the originally blurred by the author Twitter account used in the proof..."
    wgg
    • English

      1. Have you considered that perhaps English isn't his first language? I Googled him- he's from the Netherlands. How many languages do you write in- perfectly?

      2. This is a blog, xhristsakes, move on.
      marta@...
  • RE: Commercial Twitter spamming tool hits the market

    So if you are not a Twit, you need not worry?
    jhimes
  • RE: Commercial Twitter spamming tool hits the market

    Thanks for posting this info. That's a nasty piece of software. I hope Twitter will now require legit email accounts
    marta@...
    • I'll second that.

      Must say, I'm surprised that there is no "valid email address required" at registration... pretty much everyone else out there requires you confirm your registration by clicking on the link they send to the email address you provide at registration. Hmm...
      harry.n
  • Great...

    I'm off to spam, before they get this fixed!

    But seriously, I appreciate this is a tech news site, and this article is (apart from the "blurred" bit, which made sense eventually) a decent bit of journalism... But advertising a rather dramatic hole in Twitter's account registration process seems a tiny bit reckless.

    Maybe you could have alerted them, given them 24hrs (or even a week perhaps) to implement a check for valid email addresses, and then posted the blog? Perhaps you did, but I suspect not, since the article lacks the "I saved all you Twitter suckers, and you didn't even notice!" part.
    bishofthedump
  • RE: Commercial Twitter spamming tool hits the market

    variants of the tool have been around for months. and months.
    some of which are subscription based..
    but thanx for the info on a new one.
    every tool helps.
    gabrielbear@...
  • RE: Commercial Twitter spamming tool hits the market

    This is where automated following programs are a problem, as you suddenly end up following all this junk. I'm getting 2-3 of these a day and am blocking each as they start following me. Very irritating.
    maremel
  • Simple Solution - Read before you Follow

    I have tons of "people" following me that I don't want to follow. SO I DON'T!!!!!

    You have to go to their site and click FOLLOW. I don't click it. No software will click it for me unless I give them permission to do so.

    Of course, they could do a "reply to" that would land on someone I'm following, but if that happens too much, I won't follow them anymore.

    Terri
    webservant2003@...
  • RE: Commercial Twitter spamming tool hits the market

    ha ha ha what a great idea! I have a company in mind that
    creates thousands of fake email accounts based on a real
    domain, and bingo there you go. get a domain pay the fee
    and spam away. Harvesting email addies is old hat now!
    I cannot wait to see how this plays out down the road. Will
    ISPs actually take steps to prevent spam - i doubt it. So
    sure any legitimate address associated with "real_isp.com"
    will be diced. who cares? their affected ISP's customers will
    be crippled but who cares..... as long as the monthly fee
    rolls in. If you really want to be nasty, use a real address as
    the "return" address ha ha millions of bounces per day
    vilppuu@...
  • RE: Commercial Twitter spamming tool hits the market

    no one is spamming anyone if they do not choose to
    follow back they don't receive no messages and are
    unfollowed ...
    vangie2280
  • RE: Commercial Twitter spamming tool hits the market

    If people got out of this 'autofollow' mentality then tools like this would be obsolete.

    The only reason this works is that the bot follows loads of people, who autofollow back and can then be spammed.

    Switch off autofollow, vet who you follow and you can't be spammed unless you allow yourself to be. If you don't like who you're following, unfollow them!
    nikkipilkington
  • How to twitter market without spamming

    thanks for the great article. I think a lot of people don't know to integrate or use twitter.
    if all you want to do is talk about where you're eating lunch.....any chat client will do. I have been interviewing the people killing it on twitter (check out twitter webinars: http://www.twitterkillers.com) and they have a totally different view of twitter marketing and twitter's use. But then again they are the ones with 50,000 - 100,000 people following their every word. If anyone has a question for Scobleizer I am interviewing him next you can ask questions at advanced twitter marketing (http://tinyurl.com/advanced-twitter). Just like this twitter is about direct conversation with influential people.

    happy twittering
    Tweet Master
    trustseo.com
  • RE: Commercial Twitter spamming tool hits the market

    Marta, your aggressive response might be justified if we could work out what he meant. I can't. He doesn't have to be perfect: just comprehensible.
    Patrick Neylan
  • Tweet Tornado Replies To This Blog.

    TweetTornado only adds followers, YOU have to click on the page and choose to follow someone so there is no spam involved, only optin marketing. The only people who receive anything are the people who follow and give permission. Everyone needs to realize this is not like a typical spam tool. This is permission based optin marketing! And if twitter would quit shutting the accounts down for no good reason then the software wouldn't have to create unlimited accounts anymore. I don't see how this software is bad for twitter, anyone can do the same thing without software the difference is this software saves you a lot of time following people.

    So to all you people who think I am wrong, ask yourself this question...

    If a person must willingly choose to follow me and it is also their choice to click on my link to see whatever I am offering to "help" them, Then how could this be considered spam?

    P.S. thanks to the blog owner for advertising my service, I'm getting lots of new customers now. haha.
    tweettornado
    • Die you scum sucking roach of humanity

      Scum sucking roaches take all that is good, pure and innocent in the
      world and completely fuck it up to oblivion. Thanks to roaches like
      yourself, we can't have single email address without it being swamped
      spam, or as you bastards call it 'targeted advertising', we can't have
      social networking sites without our message boxes being spammed
      with trying to push their porn site, heck, can't even have a damn
      website like this with a forum without bastards like you marketing
      your crap on.

      Quite frankly, if every person like yourself removed yourself from the
      gene pool - the progress of humanity would jump leaps and bounds;
      GWB would never have been voted in as president of the US, the
      economic crisis would never have happened - as a society we'd jump
      leaps and bounds. Too bad we have lead sinkers like yourself
      inhabiting the earth.
      Kaiwai
  • Twitter Spam Yuck

    Yuck, yuck and more yuck.

    Just when you get a social network that connects and feels like purely communicating you get this kind of clutter.

    I want to be protected from this!

    http://www.justaskgemalto.com
    Andrew Merrick
  • RE: there are already similar tools out there

    Mr. Tweet, http://mrtweet.net/ appears to work in a somewhat similar way, it "suggests" people to you but is not as automatic. But essentially it is still a "marketing" tool, just angled to look more friendly.
    absent
  • RE: Commercial Twitter spamming tool hits the market

    Well done! Thank you very much for professional templates and community edition
    seslisohbet seslichat (http://www.yuregininsesi.com)
    birumut