Comments on: Twitter Being Used As Botnet Command Channel http://www.darknet.org.uk/2009/08/twitter-being-used-as-botnet-command-channel/ Ethical Hacking, Penetration Testing & Computer Security Tue, 14 Feb 2012 00:17:07 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Morgan Storey http://www.darknet.org.uk/2009/08/twitter-being-used-as-botnet-command-channel/#comment-158729 Morgan Storey Wed, 19 Aug 2009 00:41:13 +0000 http://www.darknet.org.uk/?p=2024#comment-158729 Didn't conficker get its command and control from websites and a long list of domains, also using p2p between bots, I am sure I even read about one that generated blogspot sub domains and visited their for their C&C. It is a natural progression. The bot programmers will obfuscate and disperse their C&C infrastructure so that it is both difficult to find and nice and distributed on free services, it seems common sense to me, like a story I heard a few years ago about a terrorist cell comunicating via a public messaging board using keywords in their usually on topic posts, combined with images posted that contained stenographically encapsulated data. Or back in WW1 and WW2 ending news broadcasts with non-sensical messages as a way to communicate with the resistance. What is being done now has been done before. Didn’t conficker get its command and control from websites and a long list of domains, also using p2p between bots, I am sure I even read about one that generated blogspot sub domains and visited their for their C&C. It is a natural progression.
The bot programmers will obfuscate and disperse their C&C infrastructure so that it is both difficult to find and nice and distributed on free services, it seems common sense to me, like a story I heard a few years ago about a terrorist cell comunicating via a public messaging board using keywords in their usually on topic posts, combined with images posted that contained stenographically encapsulated data. Or back in WW1 and WW2 ending news broadcasts with non-sensical messages as a way to communicate with the resistance.
What is being done now has been done before.

]]> By: sighK http://www.darknet.org.uk/2009/08/twitter-being-used-as-botnet-command-channel/#comment-158711 sighK Mon, 17 Aug 2009 22:46:46 +0000 http://www.darknet.org.uk/?p=2024#comment-158711 Maybe they can use that to their advantage, twitter can see how it works, then block the person from logging on and then post something to make them all delete themselves Maybe they can use that to their advantage, twitter can see how it works, then block the person from logging on and then post something to make them all delete themselves

]]> By: Paul http://www.darknet.org.uk/2009/08/twitter-being-used-as-botnet-command-channel/#comment-158708 Paul Mon, 17 Aug 2009 16:45:38 +0000 http://www.darknet.org.uk/?p=2024#comment-158708 If anyone is interested in taking apart the malware that was being propagated in this botnet, I wrote up a post of my experiences, along with malware samples should you wish to follow along: http://wp.me/pBV1X-n If anyone is interested in taking apart the malware that was being propagated in this botnet, I wrote up a post of my experiences, along with malware samples should you wish to follow along: http://wp.me/pBV1X-n

]]> By: John http://www.darknet.org.uk/2009/08/twitter-being-used-as-botnet-command-channel/#comment-158706 John Mon, 17 Aug 2009 16:23:18 +0000 http://www.darknet.org.uk/?p=2024#comment-158706 I like Twitter, but it is becoming more spammy. I like Twitter, but it is becoming more spammy.

]]> By: GZero http://www.darknet.org.uk/2009/08/twitter-being-used-as-botnet-command-channel/#comment-158700 GZero Mon, 17 Aug 2009 08:09:23 +0000 http://www.darknet.org.uk/?p=2024#comment-158700 Web Based C&Cs are (for me) the next natural step. Just like P2P networks made the switch from obscure custom protocols (Gnutella, Direct Connect) to HTTP based services (BitTorrent), so too will the bots. Web Based C&Cs are (for me) the next natural step.

Just like P2P networks made the switch from obscure custom protocols (Gnutella, Direct Connect) to HTTP based services (BitTorrent), so too will the bots.

]]> By: NNM http://www.darknet.org.uk/2009/08/twitter-being-used-as-botnet-command-channel/#comment-158699 NNM Mon, 17 Aug 2009 06:27:47 +0000 http://www.darknet.org.uk/?p=2024#comment-158699 I'm not sure why anyone uses twitter at all... It's childish, buggy, hacked, unsecured... I signed up a year ago to "see what it is"... I have never used it, and I have about 300 followers, all spammers or bots. I find it very amusing how they get abused... "Now comes evidence that the microblogging website is being used to feed the very types of infected machines that took it out of commission." I’m not sure why anyone uses twitter at all…
It’s childish, buggy, hacked, unsecured…
I signed up a year ago to “see what it is”…
I have never used it, and I have about 300 followers, all spammers or bots.

I find it very amusing how they get abused…
“Now comes evidence that the microblogging website is being used to feed the very types of infected machines that took it out of commission.”

]]>