Black hats target Twitter

Ross O. Storey | June 7, 2010
New hacker tool discovered to use Twitter for botnets

SINGAPORE, 7 JUNE 2010 - Micro-blogging site Twitter has become the latest target for black hat digital criminals, according to Internet security software producer Kaspersky Lab.

In a statement, Kaspersky says they have discovered a new hacker tool called TwitterNET Builder that can be used to form botnets that are controlled via Twitter.

Kaspersky and Symantec research has concluded that botnets currently pose the biggest threat to the Internet.

A botnet (also known as a zombie army) is a group of computers that, although their owners may be unaware, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie: in effect, a computer "robot" or "bot" that serves the wishes of some master spam or virus originator.

"The theft of Twitter credentials and the publication of malicious links on Twitter have jumped noticeably since mid-March and we are seeing more and more schemes designed to make money from this data," said Costin Raiu, director of Kaspersky Lab's global research and analysis team.

A couple of clicks

Said the Kaspersky Lab statement: It takes just a couple of mouse clicks to create malicious code capable of turning infected computers into zombies, which when joined together form a botnet. The botnets are then controlled via an account set up with the popular microblogging service Twitter. Such botnets are subsequently used for the usual practices of distributing spam and carrying out DDoS attacks.

There are currently two known TwitterNET Builder variants, Kaspersky said. The first variant uses malicious commands with static names. The second variant, detected by Kaspersky Lab, allows users to change the names of the commands, making it harder to identify which Twitter accounts are being used to control the botnets.

TwitterNET Builder is freely available and is likely to appeal to hackers of every type, especially novices, according to the Internet security firm.

Russian-language hacker forums are currently doing a roaring trade in compromised Twitter accounts, the statement said. A thousand compromised accounts are selling for anything from $100 to $200. The price depends on the number of users: the more 'followers' the account has, the higher the price.

Trojans and phishing

Kaspersky said the accounts were presumably compromised using two basic methods: Trojans that steal users' Twitter credentials directly, and phishing scams that use fake authorisation requests on bogus websites designed to resemble the original.  

Once the cyber criminals have access to an account they can initiate a malicious mailing that appears to come from the legitimate account holder, or just sell the account on to others for similar purposes.

The firm recommends that users be particularly vigilant with messages received from social networking sites and ensure their anti-virus system is always up-to-date.
