Twitter botnet creation made simple

A new tool has been created designed to make it simple to carry out botnet attacks over Twitter.

Twitter

A new tool designed to make botnet-based attacks over Twitter simpler has been created, according to a security expert.

Named the TwitterNet Builder, it can create botnets to carry out a variety of actions, including installation of software or a distributed denial-of-service attack, explained Sunbelt Software researcher Christopher Boyd, in a blog post.

Advertisement - Article continues below

Once the end user is infected, the attacker can post commands telling the botnet what action they want it to take from a specified Twitter account.

Twitter has now been notified of the problem and is looking into it, Boyd noted.

"All in all, a very slick tool and no doubt script kiddies everywhere are salivating over the prospect of hitting a website with a DDoS from their mobile phones," Boyd said.

Fortunately for Twitter users, there are drawbacks to the system. "This doesn't work if the person controlling the bots attempts to hide their commands with a private Twitter page," Boyd added.

Being public means that Twitter should be able to block anyone issuing such commands and it only takes a search on the micro-blogging service to identify those using the attack method.

Graham Cluley, senior technology consultant at Sophos, had seen Boyd's blog and also pointed to the flaws of the botnet creator.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"If a botnet is reliant upon Twitter accounts to give it its commands then it's relatively easy to cut off the head and disable accounts. The guys at Twitter are shutting down accounts all the time because of spam, or porn, or phishing, or faking identities," he told IT PRO.

He did have a warning, however, about other threats on Twitter, such as spam and malicious links being placed on the service.

"We see lots of automated accounts being created with fake profiles which then lure you in with sexy pictures and sexy chat and then ultimately you are given a malicious link," he said.

He also pointed to the recent bug that let some users force others to follow them, which "could have been very nasty".

"One wonders how many other flaws might there be on Twitter which we simply don't know about at the moment," Cluley added.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement

Recommended

Visit/marketing-comms/social-media/356400/twitter-job-postings-point-to-a-new-subscription-platform
social media

Twitter job postings point to a new subscription platform

9 Jul 2020
Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020