August 14, 2009, 8:21 AM — Imagine that, for some crazy reason, you’ve been following a Twitter user with the account name Upd4t3. Here’s a portion of a typical tweet that you might see:
aHR0cDovL2jpdCSseS9MT2ZSTyBodHRwOi8vYm…
Huh? That partial tweet was actually a portion of a command for a network of bots that is said to be linked to a group of identity thieves in Brazil. (Twitter has already made the account inactive and its security team is currently analyzing it.) Hiding deep beneath this gibberish is an “infostealer” program that the botnet members – called zombie PCs – use to collect data from the PCs they have taken over and send it to a third party.
Pretty smart.
Botnets are nothing new; operators usually leverage IRC chat rooms to act as command and control centers. But a few enterprising ones have migrated to Twitter, where these commands are easily hidden in the barrage of tweets that are posted every day.
Smart as this move may be, these botnet operators had better have a backup plan should Twitter crash again. How will their zombie PCs receive instructions to send spam, steal information, or perform DoS attacks without tweets to command them?
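The quoted fragment begins with aHR0cDovL, which is what base64 produces for "http://". The following is an added example, not part of the original article, of a defender-side check that flags feed posts whose base64 runs decode to URLs, including posts cut off mid-token. The function names, account names and example.com URLs are constructed for illustration.

```python
import base64
import binascii
import re

# A run of base64-alphabet characters long enough to hide a URL.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}")
# URLs made of printable ASCII only, so undecodable bytes end the match.
URL = re.compile(r"https?://[\x21-\x7e]+")

def decode_run(run):
    """Decode one base64 run, tolerating a post cut off mid-token."""
    if len(run) % 4 == 1:         # a lone trailing character holds no full byte
        run = run[:-1]
    run += "=" * (-len(run) % 4)  # restore padding lost to truncation
    try:
        raw = base64.b64decode(run)
    except (binascii.Error, ValueError):
        return ""
    return raw.decode("ascii", errors="replace")

def hidden_urls(text):
    """Return URLs that appear only after base64-decoding runs in text."""
    found = []
    for run in B64_RUN.findall(text):
        found.extend(URL.findall(decode_run(run)))
    return found

def scan_feed(posts):
    """Map author -> hidden URLs for every post that carries any."""
    hits = {}
    for author, text in posts:
        urls = hidden_urls(text)
        if urls:
            hits.setdefault(author, []).extend(urls)
    return hits

# Constructed sample feed: account names and example.com URLs are made up.
PAYLOAD = base64.b64encode(b"http://example.com/a http://example.com/b").decode()
SAMPLE_FEED = [
    ("constructed_user_1", "Reading about internationalization at http://example.org/i18n"),
    ("constructed_user_2", PAYLOAD),
    ("constructed_user_2", PAYLOAD[:30] + "\u2026"),  # cut off mid-token
]

if __name__ == "__main__":
    print(scan_feed(SAMPLE_FEED))
```

The long ordinary word in the first post matches the base64 alphabet but decodes to no URL, so only the second account is reported.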















