By Dan Goodin in San Francisco
13th August 2009
For the past couple weeks, Twitter has come under attacks that besieged
it with more traffic than it could handle. Now comes evidence that the
microblogging website is being used to feed the very types of infected
machines that took it out of commission.
That's the conclusion of Jose Nazario, the manager of security research
at Arbor Networks. On Thursday, he stumbled upon a Twitter account that
was being used as part of an improvised update server for computers that
are part of a botnet.
The account, which Twitter promptly suspended, issued tweets containing
a single line of text that looked indecipherable to the naked eye. Run
through what's known as a base64 decoder, however, the dispatches
pointed to links where infected computers could receive malware updates.
Master command channels used to herd large numbers of infected machines
have long been one of the weak links in the botnet trade. Not only do
they cost money to maintain, but they can provide tell-tale clues that
help law enforcement agents to track down the miscreants running the
rogue networks. Bot herders have used ICQ, internet relay chat, and
other chat mediums to get around this limitation, but this appears to be
the first time Twitter is known to have been employed.
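
One way a defender could screen short posts for the pattern described above, a single line of base64 that decodes to links. This is an added example, not code from the article, Arbor Networks or Twitter; the function names, sample posts and .invalid hosts are constructed, and it assumes the decoded text carries ordinary http(s) URLs.

```python
import base64
import binascii
import re

# A message that is nothing but one base64 token (standard alphabet).
B64_LINE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
# Assumption: the decoded text carries ordinary http(s) links.
URL = re.compile(r"https?://[^\s\"'<>]+")

def decode_links(message):
    """Return URLs hidden in a single-line base64 message, else []."""
    text = message.strip()
    if not B64_LINE.fullmatch(text):
        return []
    text = text.rstrip("=")
    if len(text) % 4 == 1:          # impossible length for base64
        return []
    text += "=" * (-len(text) % 4)  # restore padding an encoder may have dropped
    try:
        decoded = base64.b64decode(text, validate=True).decode("ascii")
    except (binascii.Error, ValueError):
        return []                   # not base64, or not text once decoded
    return URL.findall(decoded)

def flag_posts(posts):
    """Map post id -> decoded URLs for posts that look like encoded link drops."""
    hits = {}
    for post_id, body in posts:
        links = decode_links(body)
        if links:
            hits[post_id] = links
    return hits

def _b64(text):
    return base64.b64encode(text.encode()).decode()

# Constructed sample posts; the .invalid hosts are placeholders.
SAMPLE_POSTS = [
    ("post-1", _b64("http://updates.example.invalid/a http://mirror.example.invalid/b")),
    ("post-2", "Just had a great lunch in San Francisco"),
    ("post-3", "AAAAAAAAAAAAAAAAAAAAAAAA"),  # valid base64, no link inside
    ("post-4", _b64("http://updates.example.invalid/c").rstrip("=")),  # padding stripped
]

if __name__ == "__main__":
    for post_id, links in flag_posts(SAMPLE_POSTS).items():
        print(post_id, links)
```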