Twitter onmouseover exploit will happen again – it's all about spam

Byron Acohido, an IT and business writer for USA Today of more than 30 years, says the Twitter security saga shows that spammers of all types are what pushed the onmouseover flaw into the mainstream.

According to Acohido, the spam generated by the Twitter flaw exploitation has also been seen on Facebook, where a number of security flaws have been used to generate large volumes of unwanted emails.

"The more Facebook and Twitter add new features, the more spammers can be expected to search out fresh security holes and blast through for however many hours it takes technicians to respond and patch the hole", he said in his security blog.

The spam gangs who specialise in 'survey spam' were a major force in both spam campaigns, Acohido says.

These are the guys, he says, who earn $1 a time for each advertising-backed survey they get users to fill out. He adds that a similar spamming group recently tracked by F-Secure threat analyst Sean Sullivan earned $485 188 for one day's worth of spamming out such surveys.

"Twitter has indicated it may push images and videos more directly to Tweeters as part of its recent major upgrade. And Facebook is making a big push to become a major transactions hub for online gamers", said Acohido.

He quotes Sullivan as saying that if there are any fresh vulnerabilities lurking in any of the new functionalities tied to those initiatives, spammers are likely to find them and exploit them.

Sullivan also told the USA Today reporter that the pattern seen in this week's Twitter spam attack is likely to be repeated.

"Users are likely to sound the first alarm, messaging each other about the danger. Technicians will then scramble to patch the hole", he said, adding that spammers will push through as much spam as they can during their window of opportunity.
