Twitter Used To Control Botnet Machines

DikSeaCup writes "Arbor Network's Jose Nazario, an expert on botnets, discovered what looks to be the first reported case of hackers using Twitter to control botnets. 'Hackers have long used IRC chat rooms to control botnets, and have continually used clever technologies, such as peer-to-peer strategies, to counter efforts to track, disrupt and sometimes decapitate the bots. Perhaps what's surprising then is that it's taken so long for hackers to take Twitter to the dark side.' The next step, of course, is to code the tweets in such a way that they aren't so suspicious."

please do go down that rabbit hole ...

[neonprimetime]

There's something ironic about this finding, given that Russian hackers allegedly used a botnet to take Twitter down for two days last week. But we won't go down that rabbit hole.

You go Jose!

[GPLDAN]

Jose and those guys at Arbor are doing really concrete things to curb botnets and malware contagion. They have their gear in a great number of peering points around the world, and are correlating huge amounts of data into discrete patterns. I've seen Jose speak a couple of times, and I am impressed by the manner in which they are finding the ghosts who think they can't be found.

Crowdsourced botnet

[Kligat]

Wouldn't it be weird if someone made a botnet that would follow the directions of anyone that posted on Twitter, with people being able to suggest one command per day that would get upped or down by the masses? Aside from the programmer, who would be held responsible if it were operated like that?

Twitter and many others!

[hesaigo999ca]

Anything that can be pinged and return any sort of tcp/ip packets could be a control center if the contents of the packets can actually
be translatable and have been mapped accordingly.

ie- ftp server has certain verbose return that may be configured based on what is being done, so the botnet program calls home to an ftp server...looking like a plain jane communication to any one looking. It tries a few different commands to which the ftp server can reply (with error messages) it can not proceed, however inside the ftp server error message is a text string that contains certain
key phrases.

This scenario is similar to steganography, of hiding in plain sight, inside an image, the contents of data....
I think it's cool to be able to pass off information that is hidden to regular onlookers, but is a lot of coding for nothing if you ask me.

Set up a twitter account where a particular page has the commands for all your bots to follow, and....wait a minute....

Re:You go Jose!

[99BottlesOfBeerInMyF]

I've seen Jose speak a couple of times, and I am impressed by the manner in which they are finding the ghosts who think they can't be found.

I haven't talked to Jose for a while, but last I heard he and the other guys were doing well finding new types of malware and separating out malicious network traffic that is hard to differentiate from legitimate traffic. That said, they were not really doing things to find the one off attacks perpetrated by people who weren't interested in large scale and automated network attacks. The people I'd call ghosts are the ones who do small scale, specifically targeted attacks to get what they want, then walk away. If you're running a botnet, you aren't being very ghostlike; maybe more vampire like :)