NEWS FROM THE LAB - Wednesday, September 22, 2010

Twitter onMouseOver Spam

Posted by Sean @ 18:05 GMT

The first of yesterday's Twitter onMouseOver worms was started by Magnus Holm.

His version of the onMouseOver worm did nothing more than spread itself and could be deleted. And because it merely spread itself, Holm considers his version of the worm to have been harmless. Many authors of yesteryear's Internet worms thought the same.

Unfortunately, a "harmless" worm doesn't stay harmless for very long and there soon came a more aggressive onMouseOver worm, written by a seventeen-year-old using the alias Matsta.

Here's a screenshot of his now suspended Twitter account:

Twitter onMouseOver worm

Can you see the two bit.ly links in his feed of tweets?

They were clicked several thousand times.

Twitter onMouseOver worm

And where do the links go? — Surveys.

Matsta is a spammer driving traffic towards the CPAlead.com affiliate network.

CPAlead affiliates are paid up to a buck or more per "lead".

Here's an iPad offer:

Twitter onMouseOver worm

And here's advice on how to unhack Twitter:

Twitter onMouseOver worm

If you fill out a survey and provide your e-mail address, or download a toolbar, or sign up for an SMS ($/�) service, you'll then be directed to Ask Dave Taylor.

Matsta isn't even providing original content; he's just a proxy, promoting surveys and earning himself money in the process.

Another one of the tweets in Matsta's feed mentioned DanielFarley:

Twitter onMouseOver worm

And one of Farley's tweets refers to this recently created Facebook Page:

Twitter onMouseOver worm

Gascoigne's site at matsta.org Rick Rolled visitors yesterday.

Today, there's a blog:

Twitter onMouseOver worm

Matsta writes:

"I'm going to post my full account of what happened on Twitter this morning."

It should be quite interesting to see what he has to say for himself.

Hopefully Twitter's lawyers are taking notes…