Twitter Used to Manage Botnet, Says Security Expert

A security researcher has found that hackers are using Twitter as a means to distribute instructions to a network of compromised computers, known as a botnet.

A security researcher has found that hackers are using Twitter as a means to distribute instructions to a network of compromised computers, known as a botnet.

The traditional way of managing botnets is using IRC, but botnet owners are continuously working on finding new ways of keeping their networks up and running, and Twitter seems to be the latest trick.

A now-suspended Twitter account was being used to post tweets that had links new commands or executables to download and run, which would then be used by the botnet code on infected machines, wrote Jose Nazario, manager of security research at Arbor Networks, on in a blog posting on Thursday.

"I spotted it because a bot uses the RSS feed to get the status updates," Nazario wrote.

The account, called "Upd4t3", is under investigation by Twitter's security team, according to Nazario. But the account is just one of what appear to be a handful of Twitter command and control accounts, Nazario wrote.

Botnets can, for example, be used to send spam or carry out distributed denial-of-service attacks, which Twitter itself became the victim of last week. The botnet Nazario found is "an infostealer operation," a type that can be used to steal sensitive information such as login credentials from infected computers.

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Download the CIO October 2016 Digital Magazine
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.