Slashdot Mirror


Hackers Increasingly Using Twitter For Botnets

Trailrunner7 writes "Spammers aren't the only ones who have figured out that social networks like Twitter and Facebook are good for business. Sophisticated hackers conducting targeted attacks are also using the networks as a tool to manage malware installations on victims' networks. Mandiant's latest "M-Trends" report, released on Thursday, says that the company has observed an increasing number of so-called "Advanced Persistent Threats" that are hijacking legitimate social networks and Web-based services, including Facebook, Google Chat and MSN, as command and control networks for malware installations. The revelation is part of a larger trend that saw sophisticated attacks on commercial entities outstrip attacks on the networks of government agencies and defense industry players, Mandiant reported."

8 of 56 comments

  1. Re:Why? by johnncyber · · Score: 2

    Twitter and social networks are more likely to be used by the average person. Whereas IRC has been getting an (undeserved) bad rap for nefarious things.

  2. Re:Why? by rabbit994 · · Score: 4, Informative

    Because you generally have to run your own servers, which means you need your own domains (or hijack someone else's), and DNS/Domains/Servers become a very weak point of failure. Not to mention it's easy to discover viruses if you know which server they are connecting to. GTalk and Twitter traffic is pretty indistinguishable from legit traffic and it's easier to hide.

  3. orly? by kronosopher · · Score: 2

    Twitter is actually good for something after all

  4. Re:Why? by Anonymous Coward · · Score: 5, Insightful

    Companies are more aggressively blocking outbound traffic to services not needed by most users, such as IRC. Whereas egress HTTP/s is almost universally permitted.

  5. Re:Why? by John Hasler · · Score: 3, Insightful

    I don't understand what the incentive is to stop using IRC for command and control.

    Getting through firewalls, I should imagine. Companies are likely to block IRC but they dare not block Twits-R-us and FaceSpace. Traffic there also seems less likely to trigger IDSs.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.

  6. A lot of it might have to do by citoxE · · Score: 2

    with how Twitter and various other social networks utilize hyperlinks. The problem is that most URLs are shortened in messages, so all person A has to do is tell person B something is going on, and click the link to find out more. Person A clicks link, silent download commences. It's circumstances like these where I wish URL shortening would just fall off the face of the earth. It just has such a high possibility of being exploited and there's no way to see where the shortened URL will go without using some script, it's just not that safe.

  7. Re:Why? by Lord Ender · · Score: 2

    Twitter's popularity and reputation mean it is less likely to be blocked, and traffic to it is less likely to be scrutinized by security analysts.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.

  8. Using web services to store and transmit data? by BitHive · · Score: 2

    Gee George, deez hackers shore are sophistimacated!