Recent reports from Symantec and Arbor Networks clearly demonstrate that the recently suspended Twitter account upd4t3 was sending botnet control messages to a small army of followers (oddly, just 20 according to an image on the Arbor Networks site, although there are other ways to receive messages that don't involve being a follower).

The analysis on the Arbor Networks site makes interesting reading – the bot being controlled by the tweets was (at the time of writing) being detected by around half of the 41 AV programs under evaluation by Virus Total.  Interestingly, many of the major AV players were not detecting it; look for yourself at the list.

Ok, so what do we do?  The short answer is 'nothing.'

After-all, Twitter is just one of many methods bots could be controlled – shutting it down would be akin to turning off all telephony just because criminals use it.  Also, shutting off the command-and-control network doesn't stop the nefarious software on your PC continuing to do its work of (potentially) stealing passwords or infecting others, it simply stops getting updated, which potentially makes it harder to detect.

It's a jungle out there... be aware, but don't stop using Twitter.