A researcher here today released a free tool that impersonates a Twitter user's account in order to execute automated targeted attacks on the person's followers. Pedro Varangot, a security researcher with Core Security Labs, says the group wrote the tool as a way to demonstrate and test how social networks can be used for spear phishing.
The initial version executes attacks on Twitter, but Varangot says it can be extended to work against Facebook and other social networks. The tool is based on Core's Exomind, an experimental Python-based framework written to test social network, search engine, and instant messaging attacks.

"We think spear phishing attacks are going to go [beyond] email because people aren't trusting email [as much] anymore," Varangot says. Social networks are already becoming a popular attack vector for spammers and worm attacks, and they make an attractive target for spear phishing, as well.

The link for this article located at Dark Reading is no longer available.