Twitter used to manage botnet, says security expert

Infected PCs received an RSS feed containing new instructions

By Mikael Ricknäs, IDG News Service
August 14, 2009 05:31 AM ET

. What's this?

A security researcher has found that hackers are using Twitter as a means to distribute instructions to a network of compromised computers, known as a botnet.

The traditional way of managing botnets is using IRC, but botnet owners are continuously working on finding new ways of keeping their networks up and running, and Twitter seems to be the latest trick.

The botnet world is booming

A now-suspended Twitter account was being used to post tweets that had links new commands or executables to download and run, which would then be used by the botnet code on infected machines, wrote Jose Nazario, manager of security research at Arbor Networks, on in a blog posting on Thursday.

Related Content

"I spotted it because a bot uses the RSS feed to get the status updates," Nazario wrote.

The account, called "Upd4t3", is under investigation by Twitter's security team, according to Nazario. But the account is just one of what appear to be a handful of Twitter command and control accounts, Nazario wrote.

Botnets can, for example, be used to send spam or carry out distributed denial-of-service attacks, which Twitter itself became the victim of last week. The botnet Nazario found is "an infostealer operation," a type that can be used to steal sensitive information such as login credentials from infected computers.

The IDG News Service is a Network World affiliate.