Incident of the Week: Social Networking Sites Used as Command and Control Structure for BotNets

Are you having trouble making sense of social networking sites like Twitter?  It may be because you are trying to read an encoded command to a malware-infected computer.  Security consultant Jose Nazario at Arbor Networks has discovered that popular social networking sites like Twitter and Jaiku are being used to control botnets, armies of computers that have infected with malware enabling the individual controlling the botnet to steal user information and direct the computers to attack others.  Botnet commanders often use IRC (Internet Relay Chat) messages to control the “slave” computers, but Nazario discovered encoded gibberish in a user’s tweets and decoded them to find that the messages directed infected computers to download additional payloads of malware.  According to Nazario’s post on the Arbor Networks blog, the original botnet commands appear to have been used to steal user information.

This raises a number of concerns for any website that permits users to generate content. In addition to copyright infringement and other abuse concerns, clearly this highlights another type of content that website administrators should be policing. Also, as companies and institutions begin to view particular websites as being involved in botnet infections, even inadvertently, system administrators may begin blocking access to these sites. As a result, this is a concern both for companies that maintain social networking sites, blogs and other user-generated content, as well as employers and other companies that provide access to those sites.

Leave a Reply

Your email address will not be published. Required fields are marked *