by Jose Nazario
While digging around I found a botnet that uses Twitter as its command and control structure. Basically what it does is use the status messages to send out new links to contact, then these contain new commands or executables to download and run. It’s an infostealer operation.
The account in question is under analysis by Twitter’s security team. I spotted it because a bot uses the RSS feed to get the status updates.
http://asert.arbornetworks.com/2009/08/twitter-based-botnet-command-channel/
