Twitter Used To Control Botnet Machines
DikSeaCup writes "Arbor Networks' Jose Nazario, an expert on botnets, discovered what looks to be the first reported case of hackers using Twitter to control botnets. 'Hackers have long used IRC chat rooms to control botnets, and have continually used clever technologies, such as peer-to-peer strategies, to counter efforts to track, disrupt and sometimes decapitate the bots. Perhaps what's surprising then is that it's taken so long for hackers to take Twitter to the dark side.' The next step, of course, is to code the tweets in such a way that they aren't so suspicious."
From the looks of it, it's all base64-encoded shortened URLs.
aHR0cDovL2 is http:///
aHR0cDovL2JpdC5seS is http://bit.ly/
The first one is clipped.
The rest go to pastebin-ish sites which have gbpm.exe encoded as Base64. It also appears the base64 is different but the exe has the same name (I'm guessing it's changed 'output'?)
http://rifers.org/paste/content/paste/9507/body?key=upd4t3
http://rifers.org/paste/content/paste/9508/body?key=upd4t3
http://rifers.org/paste/content/paste/9509/body?key=upd4t3
They also use Pastebin (http://pastebin.com/pastebin.php?dl=m49f3b4c2) and Debian.net (http://paste.debian.net/44059/download/44059) but both of those files have been deleted.
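As an added example (not part of the original thread or of any tool it mentions), the fixed base64 prefixes noted in the comment above can be turned into a simple detector for encoded URLs in status text. The function names and the example.com / example.org sample lines are constructed for illustration; the clipped `aHR0cDovL2JpdC5seS` token is the one quoted in the comment.

```python
import base64
import binascii
import re

# Base64 of "http://" always begins "aHR0cDovL" and of "https://" always begins
# "aHR0cHM6Ly"; only the character after that depends on the rest of the URL.
ENCODED_URL = re.compile(r"(?:aHR0cDovL|aHR0cHM6Ly)[A-Za-z0-9+/]*={0,2}")


def find_encoded_urls(text):
    """Return (token, decoded_url) pairs for base64-encoded URLs found in text."""
    hits = []
    for match in ENCODED_URL.finditer(text):
        token = match.group(0)
        body = token.rstrip("=")
        # A clipped token can end one character into a 4-character group;
        # that lone character holds only 6 bits, so drop it.
        if len(body) % 4 == 1:
            body = body[:-1]
        padded = body + "=" * (-len(body) % 4)
        try:
            raw = base64.b64decode(padded)
        except (binascii.Error, ValueError):
            continue
        hits.append((token, raw.decode("ascii", errors="replace")))
    return hits


def sample_feed():
    """Constructed status lines: two ordinary, three carrying encoded URLs."""
    enc = lambda url: base64.b64encode(url).decode("ascii")
    return [
        "lunch was great, back to work",
        "SGVsbG8gd29ybGQh",                      # base64, but not a URL
        "aHR0cDovL2JpdC5seS",                    # clipped token quoted in the comment
        enc(b"http://example.com/x"),            # constructed placeholder URL
        "update " + enc(b"https://example.org/"),
    ]


if __name__ == "__main__":
    for line in sample_feed():
        for token, url in find_encoded_urls(line):
            print(f"{token!r} -> {url}")
```

The clipped token decodes to `http://bit.ly` without the trailing slash, because its final character carries only the first bits of the next byte.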
I think he's right. I asked a twit co-worker what the heck it was for, and he said aggregating all the various sorts of information, email, texts, rss, etc. My question was why did we split them up in the first place? It should all be email. (Especially texts, I'll never accept that one). Now get off my Korean lawn.