Twitter used to control botnets

Twitter's security measures have been found wanting again

Twitter is being used for botnet command and control (C&C) purposes, according to new research from network security firm Arbor Networks.

Writing on the firm's official blog, senior security researcher Jose Nazario said he discovered a botnet which uses a Twitter account to send out status updates containing what appears to be a single line of indecipherable text.

However, once decoded the text actually points to links where the infected botnet machines can download more malicious code.

"Basically what it does is use the status messages to send out new links to contact, then these contain new commands or executables to download and run," wrote Nazario. "It’s an infostealer operation."

The account has now been shut down by Twitter, although Nazario warned that it's "just one of what appear to be a handful of Twitter C&C accounts".

In many ways Twitter is the perfect platform from which to control botnets, as it is able to withstand requests from hundreds of thousands of PCs, and has limited scanning capabilities to check for such activity, argued Graham Cluley, senior technology consultant at Sophos.

"Because no legitimate users followed this account, no one was likely to complain and call it spam," he added. "The only PCs looking for these instructions are the infected PCs."

Cluley argued that Twitter needs to take its scanning capabilities "up to a whole new level" in order to proactively prevent such activity in its accounts.