Old News: Twitter can be used for Botnet Command & Control

Shocking but true…today a researcher discovered that Twitter has been used for command and control of a botnet which may have been used by Brazilian hackers to steal online banking login information.  Kudos to the researcher, Jose Nazario, who found this.  It was an interesting read to say the least.  The bot would basically look for base64-encoded commands on a Twitter account to download malware via RSS feeds with obfuscated (shortened) URLs.  Interesting…sounds a lot like Robin Wood’s tool KreiosC2 which was released at DEFCON 17.  I even did this demo showing what else? Base64-encoded commands.  Ironically, I showed off the first version of this code at Notacon 6 back in April of this year.  Keep in mind, KreiosC2 can be used for legitimate tasks like controlling things at home remotely via Twitter.  I highly recommend you read Robin’s detailed write-up on how KreiosC2 functions.
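From the defender's side, the pattern described above (status text that carries a base64 run which decodes to a shortened URL) is something you can look for in a feed you monitor. The script below is an added example for this post; it is not code from the original post, from Jose Nazario's analysis, or from KreiosC2. It scans a list of status/feed entries, pulls out candidate base64 runs, decodes those that yield printable text, and flags decoded URLs, rating ones that point at a link shortener higher. The sample entries are constructed for the example (the encoded ones wrap made-up URLs), and the shortener list is an illustrative assumption, not a complete one.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Candidate base64 runs: 16+ chars of the base64 alphabet plus optional padding,
# bounded so we do not grab a slice out of a longer word.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/])([A-Za-z0-9+/]{16,}={0,2})(?![A-Za-z0-9+/=])")

# Hosts a defender would treat as link shorteners (destination is obfuscated).
# Illustrative list; an assumption of this example, not an exhaustive one.
SHORTENER_DOMAINS = {"bit.ly", "tinyurl.com", "is.gd", "goo.gl", "t.co"}


def decode_if_text(token: str):
    """Return the decoded string if token is valid base64 for printable ASCII, else None."""
    padded = token + "=" * (-len(token) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw:
        return None
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return None
    # Reject decoded bytes that are not printable text (e.g. a run of 'A's -> NUL bytes).
    if not all(32 <= ord(c) < 127 for c in text):
        return None
    return text


def extract_urls(text: str):
    """Pull http(s) URLs out of decoded text."""
    return re.findall(r"https?://[^\s\"'<>]+", text)


def classify_entry(entry: str):
    """Inspect one status/feed entry and return a list of findings (empty if nothing decodes)."""
    findings = []
    for token in B64_TOKEN.findall(entry):
        decoded = decode_if_text(token)
        if decoded is None:
            continue
        urls = extract_urls(decoded)
        if not urls:
            # Decodable text with no URL is still odd in a status update; note it at low severity.
            findings.append({"token": token, "decoded": decoded, "urls": [], "severity": "low"})
            continue
        shortened = [u for u in urls if urlparse(u).hostname in SHORTENER_DOMAINS]
        severity = "high" if shortened else "medium"
        findings.append({"token": token, "decoded": decoded, "urls": urls, "severity": severity})
    return findings


def triage_feed(entries):
    """Return (index, findings) for every entry that produced at least one finding."""
    hits = []
    for i, entry in enumerate(entries):
        findings = classify_entry(entry)
        if findings:
            hits.append((i, findings))
    return hits


def _b64(s: str) -> str:
    return base64.b64encode(s.encode()).decode()


# Constructed sample statuses (not real tweets). Entries 1-3 carry base64 payloads
# built here from made-up strings; entry 4 is valid base64 that decodes to NUL bytes.
SAMPLE_ENTRIES = [
    "Morning coffee, long day of meetings ahead.",
    "Weekly update: " + _b64("http://bit.ly/example-constructed"),
    "new config " + _b64("https://files.example.net/update.bin"),
    "status " + _b64("check in again in one hour"),
    "Photo from the conference: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
]

if __name__ == "__main__":
    for index, findings in triage_feed(SAMPLE_ENTRIES):
        for f in findings:
            print(f"entry {index}: [{f['severity']}] {f['decoded']!r} urls={f['urls']}")
```

Run it over a real feed by replacing SAMPLE_ENTRIES with the text of each entry you pull; the severity is only a triage hint, and the low-severity bucket exists because plain decodable text in a status line is the thing to look at by hand.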

What I find fascinating (like most things in security) is that now that there has been a real confirmed case of using Twitter for botnet C2 (Command & Control) the media seems to be jumping on it and even trying to determine “why it took so long for hackers to take Twitter to the dark side”.  Well, you can’t say we didn’t warn you.

The point that Robin, myself and others were trying to make way back in April was that this is a real threat and the bad guys have probably started to use Twitter for C2 even before Robin put out the code!  We were hoping that by releasing the code Twitter (and others) would see this as perhaps an early warning of things to come and perhaps prepare some defense for it (yes, we know it’s hard to put a defense together for something like this).  Now that we have a confirmed case of Twitter being used for malicious purposes we hope Twitter takes this seriously and can combat future C2 channels used for very bad things.  It always takes something bad to happen to create change…where have you heard that before? 🙂

Fighting the good fight!

Hey…I actually found a few minutes for a quick blog post! 🙂

Just a quick post to point out that my friend and malware researcher Greg Feezel was mentioned in a report over at Hostexploit.com; he contributed data to that report. The report was on the McColo web hosting firm, which was apparently responsible for sending 75% of spam worldwide! If you didn’t know, McColo was taken offline a few days ago and there has been a massive decrease in spam across the Internet. If you want more information on McColo check out Brian Krebs’s article here. Brian is actually one of the guys that helped shut this firm down based on some of the reporting he did.

Goes to show you that we can do some good as security professionals if we all work together!

Malware challenge has started!

Just a reminder to head over to malwarechallenge.info to start the malware challenge that was mentioned on the last Security Justice podcast as well as a blog post that I did a few days ago. The contest runs from October 1st – 26th and is open to everyone! May the force be with you…