
Using Google groups for trojan command and control


Trojan authors are always on the lookout for suitable, practical command and control mechanisms.  Let's roll out another one.

Less than a month ago, I wrote about Trojan authors using Twitter as a Command-and-Control mechanism. One couldn't imagine that this was the only new innovation and, sure enough, it wasn't. Just a few days ago, Symantec's Gavin O Gorman wrote of a new mechanism for Trojans to communicate: Google Groups!

Without reliable communications, botnets are essentially a one-use tool. However, once there is a two-way communications mechanism, they are a very useful device for a variety of purposes, and their use can even be changed mid-stream.

Trojan authors have explored a variety of methods to manage their botnets.  There are endless tales of IRC, ICQ and any other chat channel being used as command mechanisms.

The latest method, as described by Gorman at Symantec, uses encrypted Google Groups postings to communicate. There is of course a downside. Google Groups messages are (mostly) anonymous; however, they are not hidden. Messages to the newsgroup cannot be instantly removed, as Symantec researchers found, leaving a trail that is easily followed.

Gorman suggests in the blog that this is only an experiment into the potential uses of Google Groups as a Command-and-Control mechanism.  Furthermore, due to the low profile it attempts to maintain, this appears to be an extensive experiment into methods of wider attack.

Currently, there are very few machines affected. Unfortunately for the Trojan authors, there may not be many more, as the method has been exposed to the light of day.

The lessons? For Internet users, very few (nothing seems to bother Joe User); for Trojan authors, more useful information; for anti-malware authors, an intriguing new vector to watch.

The arms race continues unabated.