Twitter is such a craze, even bot masters feel the need to jump on the social-networking service.
On Thursday, a researcher with network-security firm Arbor Networks revealed that some bot masters are using the microblogging service to communicate with collections of compromised computers.
Jose Nazario, manager of security research for Arbor Networks, began investigating the connection between botnets and Twitter after spotting a strange-looking feed on the social network. As it turns out, what appeared to be scrambled status updates were in fact a series of obfuscated links to malicious software updates for a relatively new botnet. Following the links, which redirected through the URL-shortening service Bit.ly, resulted in users downloading a compressed file.
“What we found was a base-64 encoded ZIP file,” says Nazario. “When you unpack the file and try to do a detection on the two files inside, it had weak detection.” In other words, only 44 percent of antivirus engines detected the original bot software and less than half of those detected the updates.
Bot operators moved away from public command-and-control channels because security researchers have had too much success analyzing the botnets that use such communications as Internet relay chat (IRC). In a recent paper, Ulrich Bayer, of the Technical University of Vienna, and his colleagues documented the drop in use of IRC for command and control between the start of 2007 and the end of 2008.
Yet, Nazario argues that it will be easy to hide in the noise of Twitter. Because shortened URLs are so common, and services such as Bit.ly have trouble scanning the destination of every link they handle, defending against botnets who abuse Twitter as a communications medium will be hard, he says.
“There are so many Twitter accounts, it would be pretty easy to hide in the fray,” Nazario says.
Embracing CX in the metaverse
More than just meeting customers where they are, the metaverse offers opportunities to transform customer experience.
Identity protection is key to metaverse innovation
As immersive experiences in the metaverse become more sophisticated, so does the threat landscape.
The modern enterprise imaging and data value chain
For both patients and providers, intelligent, interoperable, and open workflow solutions will make all the difference.
Scientists have created synthetic mouse embryos with developed brains
The stem-cell-derived embryos could shed new light on the earliest stages of human pregnancy.
Get the latest updates from
MIT Technology Review
Discover special offers, top stories, upcoming events, and more.