Twitter Used to Control Botnets


« Critical Security Patches to Mozilla Firefox | Main | More Warnings about Flash/Acrobat Reader Vulnerabilities »

08/15/2009



Twitter Used to Control Botnets

Kevin R. Smith
Co-Editor


Jose Nazario, who's well-known in computer security circles and is also a well-regarded botnet researcher, has made some interesting discoveries about botnets and the darling social media site, Twitter.com.

What he's discovered is that botnet operators are using Twitter's micro-blogs to send command-and-control messages to botnets.

In an article on wired.com on how the malware operators are using Twitter to control botnets it explains,

"tweets turned out to be obfuscated links to sites where further malicious code and instructions could be downloaded."

In a post to the Arbor Networks blog he discusses his findings about Botnets and Twitter. Jose says,

"While digging around I found a botnet that uses Twitter as its command and control structure.

"...what it does is use the status messages to send out new links to contact, then these contain new commands or executables to download and run.

"It’s an info-stealer operation."

There are a couple of interesting things about these findings:

First of all, this means a whole new level of obfuscation for the writers of viruses, trojans, spyware, and all sorts of other malware, as they're able to hide their controls behind a real company.

In doing so, they're even better able to hide who they are and how their malware networks work.

Further, they're also able to move to a very, very reliable service (i.e. Twitter), and in doing so alleviate some of their own infrastructure problems. After all, even with the couple of outages Twitter has had since it really began to grow in popularity, it's still a highly reliable site.

This means, even if the botnet operators' own servers fail or are attacked, they can easily move things to another location and just make another "Tweet" (posting) to Twitter, and instruct the PCs in their control to go elsewhere for the latest instructions.

As to the question of whether or not PCs are being infected just from visiting Twitter, that definitely doesn't appear the case (at least not just yet), nor does the service appear to be any more vulnerable to becoming that type of virus-spreading mechanism than any other website.

In other words, yes, it's still safe to use Twitter. Regardless of it being "safe" in that respect, it's still smart to run antivirus software.

There's really no substitute for an Internet security suite because A/V and firewall software, which are the two cornerstones of Internet security software, are your best line of defense to ensure your computer stays clean of viruses, trojans, and the like and doesn't become a part of a botnot.

TrackBack

TrackBack URL for this entry:
https://www.typepad.com/services/trackback/6a0133f40d81f4970b013487649124970c

Listed below are links to weblogs that reference Twitter Used to Control Botnets :

Comments

You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.