Thursday, 20 August 2009 08:05

Twitter controls botnets

Some of the latest botnets are using carefully crafted tweets as a command-and-control mechanism.

I guess we shouldn't be surprised that this is happening; after-all, Twitter is a very open communications platform without any in-built delays or message checking.

Recent reports from Symantec and Arbor Networks clearly demonstrate that the recently suspended Twitter account upd4t3 was sending botnet control messages to a small army of followers (oddly, just 20 according to an image on the Arbor Networks site, although there are other ways to receive messages that don't involve being a follower).

The analysis on the Arbor Networks site makes interesting reading – the bot being controlled by the tweets was (at the time of writing) being detected by around half of the 41 AV programs under evaluation by Virus Total.  Interestingly, many of the major AV players were not detecting it; look for yourself at the list.

Ok, so what do we do?  The short answer is 'nothing.'

After-all, Twitter is just one of many methods bots could be controlled – shutting it down would be akin to turning off all telephony just because criminals use it.  Also, shutting off the command-and-control network doesn't stop the nefarious software on your PC continuing to do its work of (potentially) stealing passwords or infecting others, it simply stops getting updated, which potentially makes it harder to detect.

It's a jungle out there... be aware, but don't stop using Twitter.

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.



Recent Comments