Twitter Used to Manage Botnet, Says Security Expert

A security researcher has found that hackers are using Twitter as a means to distribute instructions to a network of compromised computers, known as a botnet.

By Mikael Ricknäs
Fri, August 14, 2009

IDG News Service — A security researcher has found that hackers are using Twitter as a means to distribute instructions to a network of compromised computers, known as a botnet.

The traditional way of managing botnets is using IRC, but botnet owners are continuously working on finding new ways of keeping their networks up and running, and Twitter seems to be the latest trick.

A now-suspended Twitter account was being used to post tweets that had links new commands or executables to download and run, which would then be used by the botnet code on infected machines, wrote Jose Nazario, manager of security research at Arbor Networks, on in a blog posting on Thursday.

"I spotted it because a bot uses the RSS feed to get the status updates," Nazario wrote.

The account, called "Upd4t3", is under investigation by Twitter's security team, according to Nazario. But the account is just one of what appear to be a handful of Twitter command and control accounts, Nazario wrote.

Botnets can, for example, be used to send spam or carry out distributed denial-of-service attacks, which Twitter itself became the victim of last week. The botnet Nazario found is "an infostealer operation," a type that can be used to steal sensitive information such as login credentials from infected computers.

Our Commenting Policies