Forgot your password?
typodupeerror
Security Botnet Crime Social Networks The Internet News

Attackers Using Social Networks For Botnet Control 40

Posted by Soulskill
from the eighteen-script-kiddies-liked-this dept.
Trailrunner7 writes "Bot herders and the crimeware gangs behind banker Trojans have had a lot of success in the last few years with using bulletproof hosting providers as their main base of operations. But more and more, they're finding that social networks such as Twitter and Facebook are offering even more fertile and convenient grounds for controlling their malicious creations. New research from RSA shows that the gangs behind some of the targeted banker Trojans that are such a huge problem in some countries, especially Brazil and other South American nations, are moving quietly and quickly to using social networks as the command-and-control mechanisms for their malware. The company's anti-fraud researchers recently stumbled upon one such attack in progress and watched as it unfolded."
This discussion has been archived. No new comments can be posted.

Attackers Using Social Networks For Botnet Control

Comments Filter:
  • Obvious next step (Score:5, Insightful)

    by The MAZZTer (911996) <megazzt@[ ]il.com ['gma' in gap]> on Monday July 19, 2010 @05:32PM (#32956702) Homepage

    Steganography [wikipedia.org]. Of course it alone won't keep a good virus researcher from figuring out what's going on, but Facebook/whoever will just see a legitimate profile (and that may make it that much harder to get it taken down).

    Messages posted, postings on others' walls, images posted, even friends made in a particular order could all carry hidden meaning for watching malware.

    • Re:Obvious next step (Score:4, Interesting)

      by countSudoku() (1047544) on Monday July 19, 2010 @05:58PM (#32957040) Homepage

      I would love to mod this "Like", but I fear that will launch an attach from BotVille. Speaking of which, why not just use a malware metaphor, say farming, build up a fake business around that as a "game". Then let thousands of stupid people who like shitty "games" play it to control and command their warez-botz-thingyz? Ooops, too late!

    • by sea4ever (1628181)
      I'm not 100% sure but I think that facebook makes some changes to pictures you upload, compresses them and so forth.
      That seems to be the case when I upload a large photo directly from my camera, and on facebook it has been scaled down.
      So I guess it would work as long as the data doesn't get corrupted.
    • by TheLink (130905) on Monday July 19, 2010 @11:37PM (#32960074) Journal
      I jokingly suggested something related before- create some software to have servers to join facebook, and those servers can answer stupid quizzes like "20 Ways to know if you're a Windows 2008 R2 server".

      With status messages like:
      ProcessingNode192 is bored (has nothing to do)...
      StorageServer01 is feeling degraded (on array #2)...
    • Noting that in this case, the malware did not bother hiding the messages, but just posted them as notes instead [rsa.com]

  • by lemur3 (997863) on Monday July 19, 2010 @05:38PM (#32956758)

    I was really starting to worry that these Command & Control things that use IRC chatrooms were going to ruin the good reputation that IRC has built up over the years.

    • by lmnfrs (829146)

      IRC is a pretty primitive chat program, so it will never earn a good reputation. http://www.youtube.com/watch?v=O2rGTXHvPCQ [youtube.com] in case you're bored.

    • by blair1q (305137)

      I was once booted from a #Unix IRC channel for being too smart.

      True story.

  • is this news? (Score:2, Informative)

    by WillgasM (1646719)
    I thought they had been doing this for a long time now.
  • Yes, Marianne, hackers innnovate. any other news?

    • by vxice (1690200)
      It may not be news in itself that they innovate but where exactly they are moving to now is news. You could just as easily say all of those words have been written before, in the dictionary. It wouldn't mean that it is not newsworthy.
  • The new IRC? (Score:2, Insightful)

    by bjartur (1705192)

    Meh, IRC has been used for this purpose for a long time. Switching to the centralised Twitter service for increased anonymity is just an evolution, not a revolution.

  • by cffrost (885375)
    Advertisers have been using all kinds of networks to "control their bots" since the dawn of civilization. Anyway, we each gotta do our bit... good of society, et al.
  • It's as if a journalist is trying to make nerdy white-collar crime sound cool.

    Stop it journalists! You're making it worse! Ooh, and now they're using crimeware!

  • So it changes from hotmail to facebook, or aol to twitter, or icq to myspace...it is all the same use a free networking tool to communicate to your botnet commands .....I use /. myself....so much cooler, especially when you get modded down you can implement an auto attack for the person modding you down... ; )

I am the wandering glitch -- catch me if you can.

Working...