Twitter As A Botnet Command Center


The folks over at Arbor Networks were browsing Twitter and discovered something very strange: a Twitter account seemingly posting gibberish. At least, that’s how it appeared at first. Upon closer investigation, they discovered that the profile was posting base64 encoded links to PKZIP archives. When they extracted the contents and unpacked the contained DLL and EXE files, they discovered that the account was posing links to malware that would post user information back to certain URLs. The article was also updated to show that the scheme wasn’t limited to Twitter, but also affected users on Jaiku and Tumblr. It’s a bit scary to see that all malware isn’t as blatantly obvious as we usually would think it to be.

7 thoughts on “Twitter As A Botnet Command Center

  1. Lame. Base64 for a ~18 character string? Twitter has 140 characters to work with and he couldn’t think of a less suspicious form of encoding? Could have even chopped off the ‘http://’ to get a ~11 characters. I’m really disappointed in this guy. There’s no ingenuity in this.

  2. It looks like a weak link, hijack the account and you can order the whole botnet to autodestruct (I guess twitter would have no problem giving access to these accounts if it can fight malware). Or is it just one of many update paths ?

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.