Hijacked Twitter controls botnet

Security researchers have positively identified an automated toolkit that creates a custom bot using Twitter as a virtual command and control (C&C) platform.

“In order to create their custom bot, an attacker only has to launch the SDK, enter a Twitter username that would act as a command & control center and modify the resulting bot’s name and icon to suit their distribution method,” BitDefender confirmed in an official statement. 

“This is, undoubtedly, one of the first attempts at creating an automated bot creation tool to be used in conjunction with a Twitter C&C.”

However, the security company explained that the TwitterNet toolkit was still in its “experimental” stage, as the creator didn’t expend “too much effort” to protect the generated bots from reverse engineering, detection or termination.

In addition, BitDefender researchers noted the “wannabe botmaster” was not the only one controlling the network, as a secondary hardcoded Twitter account (@Korrupt) transferred commands to any bot generated with the tool – regardless of the C&C account specified by the bot’s creator.

“Even if coordinating a botnet via a Twitter profile has its specific drawbacks (this is a single point-of-failure C&C – once the Twitter account is deleted for abuse, the entire botnet would fall apart), it also has its advantages – a botmaster can unleash a large-scale malware pandemic (by silently downloading and executing malware to all the zombie systems) or a DDOS attack by simply tweeting a single line of text from a mobile phone.”

A free removal tool for Trojan.TweetBot.A is available for download.