The rise of the Twitter shills

Advertising is to make money. And, as we’ve all seen in the onslaught of paper in snail mail boxes and the email jam in Internet spam filters, there is a vast army of people and companies out there advertising their products, advertising FOR someone with products to sell and even advertising advertising. Some are now using automated tools to advertise automated Twitter spamming agents — on Twitter.

The first thing to notice in this ad deluge: some of the trolls for getting more Twitter followers will take you to malicious sites – a phishing operation by the looks of this one:

[Screenshot: malicious tweet]

[Screenshot: malicious tweet notice]

We checked out one of the grayware sales campaigns on Twitter and tested a software agent that claims to be able to boost your Twitter following. It appeared to be legal, assuming they don’t misuse your credit card data or steal your Twitter login.

Its flaw, however, is that its entire method seems to be based on the shaky premise that if you subscribe to a huge number of Twitter accounts that have tweeted something similar to your interests, then they will subscribe to YOUR Twitter feed. And then you can spam them to oblivion.

I’m not sure anybody thought this one through. Assuming it works, as the number of spamming agents builds, eventually the bulk of Twitter traffic is going to come from automated agents spamming each other.

Getting more followers INSTANTLY seems a bit of a stretch. TweetAdder didn’t attract any new followers in 24 hours in our test.

It has an attractive graphic interface, although it’s far from intuitive. If you have the patience to read through the 10 MB PDF help file, it becomes apparent that TweetAdder automates all the things you can do on Twitter, starting with a keyword search for tweets containing search terms you select, and ending with a mechanism to schedule automated tweets that you can send out as frequently as one per minute. And, of course, it IS for sale.

There is a line in the Tweet Adder End User Licensing Agreement that seems to be a tip-off about their confidence in their own product:

“If you dispute a charge to your credit card issuer or take any action that results in a payment being reversed that, in our sole discretion is a valid charge under the provisions of the TOS, you agree to pay us an ‘Administrative Fee’ of $100.”

If you dispute the original credit card charge and they charge you another $100, I wonder why they think you’re not going to contest that too.

As we said, some people make money advertising advertising and that now includes selling the tools you can use to clog Twitter and advertise the Twitter Fail Whale, who seems to be in great evidence around the middle of every day in the Eastern Standard time zone.

Twitter has a place to get information on fighting spam: http://twitter.com/SPAM

It has 234,760 followers.

Twitter’s page “How to Report Spam on Twitter” here.

Tom Kelchner

Expanded attacks on Windows Help Center follow POC

Microsoft has said it’s seeing an escalating number of attacks exploiting the unpatched Windows Help and Support Center vulnerability that was publicized last month.

Tavis Ormandy, a Google researcher, has drawn criticism for releasing details of the vulnerability and proof-of-concept exploit code on the Full Disclosure security list less than a week after he told Microsoft of it.

The vulnerability allows the remote installation of malcode on Windows XP and Server 2003 machines by drive-by downloads from malicious web sites.

Microsoft said it had monitored attacks on 10,000 machines, with the largest volumes in the United States, Russia, Portugal, Germany, and Brazil.

Microsoft said: “At first, the attacks seemed to focus on downloading Obitel, which is malware that simply downloads other malware. However, most recently, downloads have run the gamut, varying in methodology (some direct downloads, but also some downloads involving single or double script redirects, which our products detect as TrojanDownloader:JS/Adodb.F and TrojanDownloader:JS/Adodb.G), and also varying in payload.”

They also said, “Starting last week, we started seeing seemingly-automated, randomly-generated html and php pages hosting this exploit. This attack methodology constitutes the bulk of attacks that have continued to flourish into this week.”

There is no word on when Microsoft expects to fix the vulnerability.

Microsoft Malware Protection Center blog here: “Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885)”

Microsoft advisory with work-around here: Microsoft Security Advisory (2219475)

I think Tavis Ormandy just made himself the poster boy for responsible disclosure.

Tom Kelchner