Hapless Twitter hijacked by insidious botnet

Posted by Aharon Etengoff

San Francisco (CA) - An insidious botnet has breached Twitter's cyber defenses and is exploiting the social networking site to further its command-and-control operations. According to Symantec, 'obfuscated' Twitter status messages are being used to send out new download links to malware software known as "Downloader.Sninfs."

"Although Twitter.com has been used in this instance, there are plenty of alternative sites on the Internet that could also be used as a similar medium of communication. Twitter.com has already taken the appropriate action against accounts being used in this way, including suspending the account used in the example above," Symantec's Peter Coogan wrote in an official blog post.

"Our investigation and analysis of Downloader.Sninfs is ongoing but has so far shown that it reads a specific Twitter.com RSS feed only once. The RSS feed is simply a text file similar to other RSS feeds found on other Internet sites. The RSS text file contains information as to where Downloader.Sninfs can find additional threats to download onto the compromised system. In this way the RSS file acts like a config file for the malware."

Twitter botnet

Coogan explained that the malware currently being downloaded by Downloader.Sninfs is known to Symantec as Infostealer.Bancos - a password-stealing Trojan.

"[Infostealer.Bancos] mimics the interface of certain Brazilian banks in an attempt to collect passwords and other sensitive information from users of a compromised computer. This malware has been around since 2003 and is still prevalent. The image below shows a heatmap for Infostealer.Bancos infections over the last 60 days," stated Coogan.

Rob Housman, Executive Director of the Cyber Secure Institute, told TG Daily that the ongoing cyber offensive against Twitter illustrated the "dangerous vulnerability" of unsecured systems.

"The global impact of Twitter downtime is relatively small. However, the successful distributed denial-of-service attacks (DDoS) launched against Twitter in recent days offers us a frightening glimpse of what could happen if essential governemnt or private sector systems are targeted in the future," said Housman. "The ability to launch attack is so simple these days. For example, power companies that were supposedly off the grid fell victim to hackers last year. The hackers forced the corporations to pay large sums of money in exchange for keeping the power on."

Twitter botnet

Housman warned that "inherently secure infrastructure" was necessary to thwart future threats, such as DDoS attacks against health and financial institutions.

"Imagine criminal hackers threatening to alter or delete medical records if their demands are not met. The prospect of such an event is enormously scary. We need to start developing systems that are secure from the get-go, rather than bolting on ad-hoc solutions and constructing virtual fences that are - in essence - incapable of protecting systems against serious threats," added Housman.