For those of us using the Twitter service spam is something that while an irritation it hasn’t become a major intrusion the way it has with email. That could change with the availability of the first commercial Twitter spamming tool called TweetTornado (tweettorando.com) which bills itself as a “fully automated advertising software for Twitter”.
The software potentially lets spammers, malware authors and phishers generate bogus Twitter accounts and use them to spread their crap across the micro-blogging universe. As well as create the accounts it will also give the user the ability to automatically update all those bogus accounts through proxy servers which makes it a perfect spamming tool.
According to Dancho Danchev of the Zero Day blog at ZDnet TweetTornado plays off of a simple flaw in the Twitter new user registration system
TweetTornado’s core functionality relies on a simple flaw in Twitter’s new user registration process. Tackling it will not render the tool’s functionality useless, but will at least ruin the efficiency model. Sadly, Twitter doesn’t require you to have a valid email address when registering a new account, so even though a firstname.lastname@example.org is used, the user is still registered and is allowed to use Twitter.
Well isn’t that just the greatest news you’ve had today eh.