Home : Security : News

Twitter botnet creation made simple

A new tool has been created designed to make it simple to carry out botnet attacks over Twitter.

By Tom Brewster, 14 May 2010 at 12:55

A new tool designed to make botnet-based attacks over Twitter simpler has been created, according to a security expert.

Named the TwitterNet Builder, it can create botnets to carry out a variety of actions, including installation of software or a distributed denial-of-service attack, explained Sunbelt Software researcher Christopher Boyd, in a blog post.

Once the end user is infected, the attacker can post commands telling the botnet what action they want it to take from a specified Twitter account.

Twitter has now been notified of the problem and is looking into it, Boyd noted.

“All in all, a very slick tool and no doubt script kiddies everywhere are salivating over the prospect of hitting a website with a DDoS from their mobile phones,” Boyd said.

Fortunately for Twitter users, there are drawbacks to the system. “This doesn’t work if the person controlling the bots attempts to hide their commands with a private Twitter page,” Boyd added.

Being public means that Twitter should be able to block anyone issuing such commands and it only takes a search on the micro-blogging service to identify those using the attack method.

Graham Cluley, senior technology consultant at Sophos, had seen Boyd's blog and also pointed to the flaws of the botnet creator.

“If a botnet is reliant upon Twitter accounts to give it its commands then it’s relatively easy to cut off the head and disable accounts. The guys at Twitter are shutting down accounts all the time because of spam, or porn, or phishing, or faking identities,” he told IT PRO.

He did have a warning, however, about other threats on Twitter, such as spam and malicious links being placed on the service.

“We see lots of automated accounts being created with fake profiles which then lure you in with sexy pictures and sexy chat and then ultimately you are given a malicious link,” he said.

He also pointed to the recent bug that let some users force others to follow them, which “could have been very nasty”.

“One wonders how many other flaws might there be on Twitter which we simply don’t know about at the moment,” Cluley added.

Email to a friend

Print this page

< Previous Security : News Next >

Be the first to comment on this article

You need to Login or Register to comment.

Latest Security Analysis & Insight

Who to trust after the VeriSign hack?

Davey Winder questions what data was stolen from VeriSign and wonders why the company hasn't been more forthcoming.

More Security Analysis & Insight

Latest Security Reviews

Check Point 2210 Appliance review

Rating:

Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out.