The Register® — Biting the hand that feeds IT

Feeds

Twitter transformed into botnet command channel

For the past couple weeks, Twitter has come under attacks that besieged it with more traffic than it could handle. Now comes evidence that the microblogging website is being used to feed the very types of infected machines that took it out of commission. That's the conclusion of Jose Nazario, the manager of security research at …

This topic is closed for new posts.
nsld
Paris Hilton

yet another reason why

Twitter needs to be popped down the vets for a lethal injection, its the humane thing to do.

Paris, always up for an injection

Anonymous Coward
Anonymous Coward

So why didn't they...

leave the control channels in place and get the AV vendors to monitor it. The AV vendors could then subscribe to the same feeds and get realtime updates on the malware being pushed out, giving them a leg up on detecting new malware. On top of this they could try and track down the controllers of the botnet and maybe even send details of the zombie PCs to the relevant ISPs.

Cutting of a single control channel is slightly inconvenient for the bad guys, but I bet they have fallback channels to enable them to regain control of their botnets. A bit like a hydra, the channels are quickly replaced and we never really get anywhere against the bad guys.

But then it's not in the interest of AV vendors to solve the problem now is it. They stand to gain a hell of a lot more by just bandaiding the situation.

While I personally profit from helping people get rid of viruses and other malware from their home computers, it is tedious and boring work and I would much rather spend my time on something more interesting.

Anonymous Coward
FAIL

Twitter, twotted!

Bad guys on the Intertubes!

Nasties in the air!

Who'd a thunk it?

Simon C
Paris Hilton

@ AC 01:02

Why give the AV vendors a free ride?

Seriously the law enforcement (in whatever guise that maybe) had a duty to stop these botnets as quick as possible, stopping many people falling victim to its attacks and other dubious uses.

Allowing the control channels to stay open, provided the AV vendors with revenue streams.

IF the AV vendors are as good as they say they are, they should be working to provide solutions without having the control channels open - ergo they should be monitoring them way before the law closes them down.

To provide another analogy, its like police allowing a money-counterfeiting gang to keep operating just so that the companies that detect the fake notes can keep protecting the customers who buy their products. - What about the customers who DO NOT buy their products?

Nah, Im fully in favour of killing it at source.

But this just goes to show that AV vendors are running out of steam and can't provide solutions that dont run your system at 90% cpu and max ram just to compare files against a database all the time.

/paris because word is she doesnt run out of steam.

H 5
Badgers

Begrudging Respect..

I in no way endorse this, but you have to give them credit on the ingenuity front.

Lionel Baden

@AC 01:02

yup that woudl be a good idea and intelligent but im afraid in the real world that seldom happens

JohnG

"So why didn't they.."

If they (Twitter) had left it in place, Twitter would likely have had some legal responsibility for subsequent victims and any losses they suffered.

It is interesting that some of the malware included apparently uses a website at bancobrasil to store stolen information. I wouldn't be comfortable being a customer of said bank if I knew someone was using their servers for nefarious purposes, apparently without the bank having any knowledge of such activity.

Efros
Paris Hilton

Well at least

Someone has found a use for it.

Paris doesn't tweet but she does have a ...

Anonymous Coward
Grenade

Why not send them a patch to fix it?

If twitter has complete control over all the channels, why don't they just publish a false update that would remove the bot software, essentially killing the entire botnet. Rather than just force the botnet owner to go to their backup channels, they would shut down the entire botnet at once...

Of course you'd probably need to do quite a lot of reverse engineering to work out what kind of format the patches are in, and I would imagine the botnet creator signs their patches in order to stop rogue software installations.

Jimbob 3
Joke

Update

Jeez, they could have called the username something other than 'update' in leet speak. Maybe it would have been harder to find? Duuurrrr

Disco-Legend-Zeke

i see crypto lines in yahoo chatrooms

but they don't have the reach of twitter.

i always assumed they were being used as stego communications

Andy Blackburn
Thumb Up

I wonder how...

many more controlling accounts are registered on twitter, controlling said botnet. I'm with "H 5" on this one... I don't condone it, but 10/10 for smart-arsed-ness!

Arowx.com

Not to be confused with...

#mmjChallenge[CqPSy8qqd7IW4POiaRAwbjyMmtYRrGdi]

Tweets my new game uses as a way of passing challenges from player to player!

Check out http://mmj.arowx.com for latest details, it’s coming soon!

twitter@arowxGames

cybersaur 1
Stop

Twits

And this is why we block Twitter at the firewall.

Nexox Enigma

Wow...

This must be the most useful thing anyone has tried on Twitter. I hope Kaminsky doesn't read this, or he'll be tunneling TCP over Twitter next Defcon...

Joe 35
WTF?

"And this is why we block Twitter at the firewall."

Errrrrmmm ...because you have lots of infected computers behind it?

This topic is closed for new posts.