Skip to Content
Uncategorized

Botnets Go Public by Tweeting on Twitter

Bot operators push their command-and-control channels back into the public eye by tweeting updates.
August 17, 2009

Twitter is such a craze, even bot masters feel the need to jump on the social-networking service.

On Thursday, a researcher with network-security firm Arbor Networks revealed that some bot masters are using the microblogging service to communicate with collections of compromised computers.

Jose Nazario, manager of security research for Arbor Networks, began investigating the connection between botnets and Twitter after spotting a strange-looking feed on the social network. As it turns out, what appeared to be scrambled status updates were in fact a series of obfuscated links to malicious software updates for a relatively new botnet. Following the links, which redirected through the URL-shortening service Bit.ly, resulted in users downloading a compressed file.

“What we found was a base-64 encoded ZIP file,” says Nazario. “When you unpack the file and try to do a detection on the two files inside, it had weak detection.” In other words, only 44 percent of antivirus engines detected the original bot software and less than half of those detected the updates.

A study of over 1.1 million botnet submissions over a two-year period found that the use of IRC for communications was in decline. (Source: “A View on Current Malware Behaviors,” Bayer et al.)

Bot operators moved away from public command-and-control channels because security researchers have had too much success analyzing the botnets that use such communications as Internet relay chat (IRC). In a recent paper, Ulrich Bayer, of the Technical University of Vienna, and his colleagues documented the drop in use of IRC for command and control between the start of 2007 and the end of 2008.

Yet, Nazario argues that it will be easy to hide in the noise of Twitter. Because shortened URLs are so common, and services such as Bit.ly have trouble scanning the destination of every link they handle, defending against botnets who abuse Twitter as a communications medium will be hard, he says.

“There are so many Twitter accounts, it would be pretty easy to hide in the fray,” Nazario says.

Deep Dive

Uncategorized

Our best illustrations of 2022

Our artists’ thought-provoking, playful creations bring our stories to life, often saying more with an image than words ever could.

How CRISPR is making farmed animals bigger, stronger, and healthier

These gene-edited fish, pigs, and other animals could soon be on the menu.

The Download: the Saudi sci-fi megacity, and sleeping babies’ brains

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. These exclusive satellite images show Saudi Arabia’s sci-fi megacity is well underway In early 2021, Crown Prince Mohammed bin Salman of Saudi Arabia announced The Line: a “civilizational revolution” that would house up…

10 Breakthrough Technologies 2023

Every year, we pick the 10 technologies that matter the most right now. We look for advances that will have a big impact on our lives and break down why they matter.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.