Twitter used as botnet command-and-control center

By Angela Moscaritolo

June 18, 2010 Updated Aug 14, 2009 at 11:31 AM EST

After Twitter was itself recently crippled by a cyberattack, new evidence indicates the microblogging site has been used as the key part of an information-stealing botnet operation, said Jose Nazario, manager of security research at Arbor Networks.

Nazario on Thursday discovered a Twitter account that was being used as the command-and-control hub to issue instructions to infected computers that are part of a botnet. Tweets coming from the malicious account, called “upd4t3,” were encoded and looked like a random combination of letters and numbers. But the tweets were actually being used to issue new instructions to bots.

The account since has been suspended.

“These were existing infected PCs and the master piece of malware was listening to the status updates on the Twitter command to update the malware on the machine,” Nazario told SCMagazineUS.com on Friday.

The malware on the zombie machines was being updated via Twitter every few hours to avoid anti-virus detection, Nazario said. The majority of the infected computers are located in Brazil, and the purpose of the criminal operation appears to be stealing login credentials for Brazilian banks.

Twitter quickly took down the account after Nazario notified them about it, he said. This bot herder is likely using other Twitter accounts for the same purpose, and other criminals are probably using this method too.

“It's not the only botnet using Twitter, and now we begin the process of finding more,” Nazario said.

A Twitter spokesperson did not respond to a request for comment on Friday.

Previously, criminals often used a popular chat protocol called Internet Relay Chat (IRC) for their botnet command and control centers, Nazario said. But around 2006, IRC started being very well monitored and cybercriminals largely moved away from this technology to fuel their botnets.

Nazario said Twitter was probably used as this botnet's command and control center because, with so many people posting to Twitter every second, it makes for an easy place to hide. In addition, the criminal behind this operation was probably using Twitter for the novelty of it, since nobody has been caught using this technique before.







© Copyright 2014, A Granite Broadcasting Station. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
