Bot Network Uses Twitter



14 August 2009, 12:44

Bot network uses Twitter

Apparently, the current hype about Twitter has not passed malware writers by. Jose Nazario of Arbor appears to have discovered a bot-net that uses the Twitter micro-blogging service for its communication. In a blog entry, Nazario tells of a Twitter account "upd4t3" (leet-speak for "update") whose messages seem to be Base64 encoded. He suspects the account may be used to control a bot network through allowing its clients to pick up orders. The concept is not entirely new; in 2007, The H reported on a trojan using Web-2.0-sites like MySpace for communication.

We could not verify whether the, now suspended, Twitter account did control a bot network, but it definitely looks like something suspicious was afoot. The H's associates at heise Security decoded one message which used the URL shortening service bit.ly to point to the paste zone of the Debian project. The paste zone service allows users to upload messages and text and that content is made available at a particular URL. The message in this case contained a Base64-encoded file which revealed itself to be a ZIP archive with two UPX compressed files.

Preliminary analysis indicates these are phishing trojans aimed at a Brazilian bank. The detection of these files by anti-virus programs is very poor; the packed binaries produced only heuristic warnings. Only Sophos gave the unpacked version a unique identifier of "Mal/Banc-A".

Heise security - http://www.h-online.com/security/Bot-netwo...r--/news/114005

and at cnet - http://news.cnet.com/security/

>>>>>>>>>>>>>>>>>>>>
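
The article describes a layered delivery chain: Base64 text on a paste page that decodes to a ZIP archive holding UPX-packed binaries. The following Python triage helper is an added example, not code from the article, Arbor or heise Security; it walks those same layers in memory without writing or running anything. The function names, the size cap and the sample archive are assumptions made for illustration.

```python
import base64, binascii, io, zipfile

ZIP_MAGIC = b"PK\x03\x04"                   # ZIP local file header signature
UPX_MARKERS = (b"UPX!", b"UPX0", b"UPX1")   # UPX magic and default section names

def decode_b64(text):
    """Return decoded bytes, or None when text is not strict Base64."""
    compact = "".join(text.split())          # pastes are usually line-wrapped
    if len(compact) < 16 or len(compact) % 4:
        return None
    try:
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None

def triage(text, max_member=10 * 1024 * 1024):
    """Walk Base64 -> ZIP -> members, flagging PE files that carry UPX markers."""
    report = {"base64": False, "zip": False, "members": []}
    data = decode_b64(text)
    if data is None:
        return report
    report["base64"] = True
    if not data.startswith(ZIP_MAGIC):
        return report
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return report
    report["zip"] = True
    with archive:
        for info in archive.infolist():
            try:
                with archive.open(info) as fh:
                    body = fh.read(max_member)   # cap the read (zip bombs)
            except (RuntimeError, zipfile.BadZipFile):  # encrypted or corrupt
                report["members"].append({"name": info.filename, "error": True})
                continue
            is_pe = body.startswith(b"MZ")       # DOS/PE executable header
            upx = is_pe and any(m in body for m in UPX_MARKERS)
            report["members"].append(
                {"name": info.filename, "pe": is_pe, "upx": upx, "error": False})
    return report

def constructed_sample():
    """Constructed input: ZIP with a fake 'MZ' stub and a text file, Base64-encoded."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("sample.exe", b"MZ" + b"\x00" * 64 + b"UPX0" + b"\x00" * 32 + b"UPX!")
        zf.writestr("readme.txt", b"not an executable")
    return base64.b64encode(buf.getvalue()).decode("ascii")
```

A member flagged `upx` is only a packing indicator, which matches the article's point that the packed files drew nothing but heuristic warnings; identification still requires unpacking and analysis.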
