Twitter transformed into botnet command channel

For the past couple weeks, Twitter has come under attacks that besieged it with more traffic than it could handle. Now comes evidence that the microblogging website is being used to feed the very types of infected machines that took it out of commission. That's the conclusion of Jose Nazario, the manager of security research …


This topic is closed for new posts.
  1. nsld
    Paris Hilton

    yet another reason why

    Twitter needs to be popped down the vets for a lethal injection, it's the humane thing to do.

    Paris, always up for an injection

  2. Anonymous Coward
    Anonymous Coward

    So why didn't they...

    leave the control channels in place and get the AV vendors to monitor it. The AV vendors could then subscribe to the same feeds and get realtime updates on the malware being pushed out, giving them a leg up on detecting new malware. On top of this they could try and track down the controllers of the botnet and maybe even send details of the zombie PCs to the relevant ISPs.

    Cutting off a single control channel is slightly inconvenient for the bad guys, but I bet they have fallback channels to enable them to regain control of their botnets. A bit like a hydra, the channels are quickly replaced and we never really get anywhere against the bad guys.

    But then it's not in the interest of AV vendors to solve the problem now, is it? They stand to gain a hell of a lot more by just bandaiding the situation.

    While I personally profit from helping people get rid of viruses and other malware from their home computers, it is tedious and boring work and I would much rather spend my time on something more interesting.

  3. Anonymous Coward

    Twitter, twotted!

    Bad guys on the Intertubes!

    Nasties in the air!

    Who'd a thunk it?

  4. Simon C
    Paris Hilton

    @ AC 01:02

    Why give the AV vendors a free ride?

    Seriously, the law enforcement (in whatever guise that may be) had a duty to stop these botnets as quick as possible, stopping many people falling victim to its attacks and other dubious uses.

    Allowing the control channels to stay open, provided the AV vendors with revenue streams.

    IF the AV vendors are as good as they say they are, they should be working to provide solutions without having the control channels open - ergo they should be monitoring them way before the law closes them down.

    To provide another analogy, it's like police allowing a money-counterfeiting gang to keep operating just so that the companies that detect the fake notes can keep protecting the customers who buy their products. - What about the customers who DO NOT buy their products?

    Nah, I'm fully in favour of killing it at source.

    But this just goes to show that AV vendors are running out of steam and can't provide solutions that don't run your system at 90% cpu and max ram just to compare files against a database all the time.

    /paris because word is she doesn't run out of steam.

  5. H 5

    Begrudging Respect..

    I in no way endorse this, but you have to give them credit on the ingenuity front.

  6. Lionel Baden

    @AC 01:02

    yup that would be a good idea and intelligent but I'm afraid in the real world that seldom happens

  7. JohnG

    "So why didn't they.."

    If they (Twitter) had left it in place, Twitter would likely have had some legal responsibility for subsequent victims and any losses they suffered.

    It is interesting that some of the malware included apparently uses a website at bancobrasil to store stolen information. I wouldn't be comfortable being a customer of said bank if I knew someone was using their servers for nefarious purposes, apparently without the bank having any knowledge of such activity.

  8. Efros
    Paris Hilton

    Well at least

    Someone has found a use for it.

    Paris doesn't tweet but she does have a ...

  9. Anonymous Coward

    Why not send them a patch to fix it?

    If Twitter has complete control over all the channels, why don't they just publish a false update that would remove the bot software, essentially killing the entire botnet. Rather than just force the botnet owner to go to their backup channels, they would shut down the entire botnet at once...

    Of course you'd probably need to do quite a lot of reverse engineering to work out what kind of format the patches are in, and I would imagine the botnet creator signs their patches in order to stop rogue software installations.

  10. Jimbob 3


    Jeez, they could have called the username something other than 'update' in leet speak. Maybe it would have been harder to find? Duuurrrr

  11. Disco-Legend-Zeke

    i see crypto lines in yahoo chatrooms

    but they don't have the reach of twitter.

    i always assumed they were being used as stego communications

  12. Andy Blackburn
    Thumb Up

    I wonder how...

    many more controlling accounts are registered on twitter, controlling said botnet. I'm with "H 5" on this one... I don't condone it, but 10/10 for smart-arsed-ness!


    Not to be confused with...


    Tweets my new game uses as a way of passing challenges from player to player!

    Check out for latest details, it’s coming soon!


  14. cybersaur 1


    And this is why we block Twitter at the firewall.

  15. Nexox Enigma


    This must be the most useful thing anyone has tried on Twitter. I hope Kaminsky doesn't read this, or he'll be tunneling TCP over Twitter next Defcon...

  16. Joe 35

    "And this is why we block Twitter at the firewall."

    Errrrrmmm ...because you have lots of infected computers behind it?
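Joe 35's point is that the fix is finding the infected hosts, not blocking the site. A defender-side detection sketch added here (not from the article or any commenter): it assumes a hypothetical proxy log format of "epoch client method URL" and a placeholder account name, and flags internal hosts that poll one Twitter user timeline at a near-constant interval, the beaconing pattern a bot shows and a human browser does not.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log lines (hypothetical format: epoch, client IP, method, URL).
# The account name "upd4t3" is a placeholder, not the one named in the article.
SAMPLE_LOG = """\
1250000000 10.0.0.5 GET http://twitter.com/statuses/user_timeline/upd4t3.rss
1250000600 10.0.0.5 GET http://twitter.com/statuses/user_timeline/upd4t3.rss
1250001200 10.0.0.5 GET http://twitter.com/statuses/user_timeline/upd4t3.rss
1250001800 10.0.0.5 GET http://twitter.com/statuses/user_timeline/upd4t3.rss
1250000100 10.0.0.7 GET http://twitter.com/home
1250003400 10.0.0.7 GET http://twitter.com/statuses/user_timeline/upd4t3.rss
1250007777 10.0.0.7 GET http://twitter.com/someone_else
"""

LINE_RE = re.compile(r"^(\d+) (\S+) (\S+) (\S+)$")
TIMELINE_RE = re.compile(r"twitter\.com/statuses/user_timeline/([^/.?]+)")


def parse(log):
    """Yield (timestamp, client, account) for each request to a user timeline."""
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, client, _method, url = m.groups()
        acct = TIMELINE_RE.search(url)
        if acct:
            yield int(ts), client, acct.group(1)


def find_beacons(log, min_polls=4, max_jitter=0.1):
    """Return {(client, account): mean_interval_seconds} for hosts that poll
    a single account at least min_polls times with gaps whose relative
    standard deviation is at most max_jitter (a regular beacon)."""
    polls = defaultdict(list)
    for ts, client, acct in parse(log):
        polls[(client, acct)].append(ts)
    hits = {}
    for key, times in polls.items():
        if len(times) < min_polls:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits[key] = avg
    return hits
```

The hosts it returns are the ones to pull off the network and clean; the feed itself can stay reachable for everyone else.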

