Jose Nazario, writing on the Arbor Network Security blog "Security to the Core," has described a botnet that uses Twitter as a command-and-control channel. The bot owner sends update information in a tweet and RSS feeds send it to the botnet.
The tweeted update information is in the form of a shortened URL, which leads to one of several malicious web sites. Before they were taken down, Nazario found that the sites downloaded a packed .exe file that was an information stealer (Buzus) and a packed .dll file loaded with URLs where the .exe could phone home the information.
The mechanism seems to be the work of Brazilian ID thieves, he said.
Blog post here.
Tom Kelchner