Twitter Used To Control Botnet Machines
DikSeaCup writes "Arbor Networks' Jose Nazario, an expert on botnets, discovered what looks to be the first reported case of hackers using Twitter to control botnets. 'Hackers have long used IRC chat rooms to control botnets, and have continually used clever technologies, such as peer-to-peer strategies, to counter efforts to track, disrupt and sometimes decapitate the bots. Perhaps what's surprising then is that it's taken so long for hackers to take Twitter to the dark side.' The next step, of course, is to code the tweets in such a way that they aren't so suspicious."
sweet (Score:2, Insightful)
More reasons to hate Twitter
Reliable (Score:5, Insightful)
It's not suspicious already (Score:3, Insightful)
http://www.wired.com/images_blogs/threatlevel/2009/08/botnet_arbor.jpg [wired.com]
Re:Alas, Babylon (Score:5, Insightful)
That's actually an interesting thought... it was sending obfuscated URLs to code that the zombie bots would download and execute.
Wouldn't it make sense, rather than having Twitter simply kill the account, to allow the "good" guys to craft some sort of zombie-self-destruct and tweet its URL over the account? Imagine, all the bots automatically downloading and executing a specially designed tool that removes the malicious trojan...
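A defender-side sketch of spotting the pattern the comment above describes, a feed whose posts are nothing but obfuscated URLs (an added example, not part of the thread or of Arbor's analysis). The candidate encodings, thresholds, function names and sample feeds are assumptions; the thread does not say how the URLs were obfuscated.

```python
import base64
import re

URL_RE = re.compile(r"^https?://[^\s/]+\.[^\s/]+(/\S*)?$", re.IGNORECASE)
TOKEN_RE = re.compile(r"^[A-Za-z0-9+/_=-]{16,}$")  # one unbroken encoded-looking token

def _pad(s):
    return s + "=" * (-len(s) % 4)

# Candidate encodings are an assumption; the thread only says "obfuscated".
DECODERS = (
    ("base64", lambda s: base64.b64decode(_pad(s), validate=True)),
    ("base64url", lambda s: base64.urlsafe_b64decode(_pad(s))),
    ("hex", bytes.fromhex),
)

def hidden_url(status):
    """Return (encoding, url) when a post is one token that decodes to a URL."""
    text = status.strip()
    if not TOKEN_RE.match(text):
        return None  # ordinary prose or a plain-text link: not this pattern
    for name, decode in DECODERS:
        try:
            decoded = decode(text).decode("ascii").strip()
        except ValueError:  # covers binascii.Error and UnicodeDecodeError
            continue
        if URL_RE.match(decoded):
            return name, decoded
    return None

def flag_account(statuses, min_hits=3, min_ratio=0.8):
    """Flag a feed when nearly every post is an encoded URL and nothing else."""
    hits = [h for h in map(hidden_url, statuses) if h]
    ratio = len(hits) / max(len(statuses), 1)
    return len(hits) >= min_hits and ratio >= min_ratio, hits

# Constructed sample feeds (not real accounts or real URLs).
SAMPLE_C2_FEED = [base64.b64encode(u.encode()).decode() for u in (
    "http://short.example/abc123", "http://short.example/def456",
    "http://short.example/ghi789")] + ["http://short.example/k9".encode().hex()]
SAMPLE_BENIGN_FEED = ["Coffee first, then the incident queue.",
                      "Good write-up on IRC botnets: http://example.com/post", "ok"]

if __name__ == "__main__":
    for name, feed in (("c2-like", SAMPLE_C2_FEED), ("benign", SAMPLE_BENIGN_FEED)):
        print(name, flag_account(feed))
```

A heuristic like this only catches posts that decode cleanly to a URL, which is exactly what the summary's "next step" of less suspicious tweets would evade.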
Re:Holy shit! (Score:5, Insightful)
Re:Alas, Babylon (Score:1, Insightful)
Code signing. Conficker did this, other bot nets probably do too. They simply will not execute a module that hasn't been signed by the correct private key.
Similarly, most botnets do not possess internal "shut down" commands. This is precisely to prevent the good guys from telling the net to stop itself. Even the creator of the net can't stop it (unless they distribute a cryptographically signed update which enables it).
Let's face it, all joking aside (Score:3, Insightful)
There ain't any technology that one human(s) can come up with that another human(s) can't corrupt.
I don't care how quick, savvy or exotic you are, you're not going to foil everyone forever. I figure it's just a state of grace we have: there's a situation whereby the technology is benign, if asinine; a state whereby it's corrupted, abused and malicious; and a state whereby it's antiquated, unused, and maligned.
I hope Twitter's now made it to that last stage.
Re:sweet (Score:3, Insightful)
Quite possibly. My objection to Twitter is the same as all bandwidth-limited Web 2.0 solutions; shorter messages encourage bad grammar and worse content.
And at 120 chars, that makes the bad grammar and worse content *very bad*.