[ISN] Twitter transformed into botnet command channel

From: InfoSec News <alerts_at_private>
Date: Fri, 14 Aug 2009 04:22:31 -0500 (CDT)
http://www.theregister.co.uk/2009/08/13/twitter_master_control_channel/

By Dan Goodin in San Francisco
The Register
13th August 2009

For the past couple weeks, Twitter has come under attacks that besieged 
it with more traffic than it could handle. Now comes evidence that the 
microblogging website is being used to feed the very types of infected 
machines that took it out of commission.

That's the conclusion of Jose Nazario, the manager of security research 
at Arbor Networks. On Thursday, he stumbled upon a Twitter account that 
was being used as part of an improvised update server for computers that 
are part of a botnet.

The account, which Twitter promptly suspended, issued tweets containing 
a single line of text that looked indecipherable to the naked eye. Using 
what's known as a base64 decoder, however, the dispatches pointed to 
links where infected computers could receive malware updates.

Master command channels used to herd large numbers of infected machines 
have long been one of the weak links in the botnet trade. Not only do 
they cost money to maintain, but they can provide tell-tale clues that 
help law enforcement agents to track down the miscreants running the 
rogue networks. Bot herders have used ICQ, internet relay chat, and 
other chat mediums to get around this limitation, but this appears to be 
the first time Twitter is known to have been employed.

[...]


________________________________________
Subscribe to InfoSec News
http://www.infosecnews.org
Received on Fri Aug 14 2009 - 02:22:31 PDT

This archive was generated by hypermail 2.2.0 : Fri Aug 14 2009 - 02:30:49 PDT