Twitter Used to Control Data-Stealing Botnet

 
 
By Brian Prince  |  Posted 2009-08-14

It's been a tough week for Twitter. First DDoS attacks. Now Arbor Networks security researcher Jose Nazario has come across something more troublesome - a botnet using Twitter for its command-and-control.

According to Nazario, the botnet uses the micro-blogging service's status messages to communicate with compromised machines. The tweets contain obfuscated links to sites with new commands and executables to download and run.

As Twitter has grown in popularity, it has become a source of increasing interest for attackers. Last month, for example, Koobface - the worm that made headlines for squiggling around Facebook and MySpace - made an appearance on Twitter.

But using the micro-blogging service as a means to control bots is an interesting twist. In a blog post, Nazario outlines how he unpacked one of the update messages and uncovered hidden links the bot will send data to. Some of the links may be tied to Brazilian cyber-criminals known for banking Trojans.

Nazario wrote that he spotted the rogue account because a bot used the RSS feed to get the status updates.

"It's an infostealer operation," he blogged.

The account appears to be one of a handful of Twitter C&C accounts, he added.

 
 
 
 