Security researcher Jose Nazario from Arbor Networks has discovered an account on Twitter that acted as command and control (C&C) center for controlling computers that are part of botnets.
The Twitter account was being used to send a single line of text, which is actually a command for computers in the botnet to visit malicious Web sites, and to download or update information-stealing malware. The dispatched status messages, which may look like gibberish, are in fact base64-encoded text strings.
The malicious bot and the downloaded malware involved in this botnet attack, however, are both detected and blocked by eSafe.
Botnet herders are in constant search for alternative mediums to control their botnet-infected computers more stealthily and less costly than command and control centers. Some have used P2P, ICQ, or IRC, but, apparently, this is the first time in which Twitter is used as a substitute to direct botnet computers.
After having his account suspended on Twitter, this botnet herder tried another microblogging websites like Jaiku, and Tumblr, according to Jose Nazario.
