Twitter as Command and Control
It’s been a while since I’ve posted on some actual exploits, and for that I apologize.
There is a particular exploit that came to light a couple of months ago that I still find intriguing: a botnet using Twitter as its command and control channel. The infected machines (bots) were programmed to read the tweets of a specific Twitter account. Those tweets carried encoded information about where the botnet's new command and control server was located, so the herder could move the server and the bots would simply follow the next tweet.
This is an example of business logic abuse: the bot herder used the tweet function to control his bots. He was using Twitter exactly as intended, posting tweets to his own account, but doing it to perpetrate malicious activity. Nothing in the traffic looks like an attack on Twitter, which is what makes this class of abuse so hard to spot from the service's side.
The brilliance of this comes from the fact that the command and control center is the heart of a botnet, and also its weak point: take it down and the bots are orphaned. By having his bots check Twitter for updates, the bot herder was counting on the rendezvous point always being live; who would take down Twitter? Of course, Twitter disabled his account, so that beats my logic, but, still, this is incredibly devious.
It will be very interesting to see what other types of business logic abuse stem from this attack!
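To make the mechanism concrete, here is an added example (my own code, not the post's and not the botnet's) that simulates both halves of the scheme described above: the bot side, which reads an account's timeline and decodes the current C2 location from it, and the defender side, a small detector run over proxy logs for the dedicated-account variant the post describes. Two things are assumptions not stated in the post: that the directive is base64-encoded inside otherwise ordinary tweet text, and that the bot polls on a fixed interval. The account name, IP addresses and log lines are all constructed.

```python
# Added example, not code from the original post or from the botnet it
# describes. It simulates the channel the post explains (bots read a
# Twitter account's timeline and decode the C2 location from it) and a
# simple proxy-log detector for the dedicated-account variant.
# Assumptions not stated in the post: commands are base64-encoded inside
# otherwise ordinary tweet text, and the bot polls on a fixed interval.
import base64
import re
from collections import defaultdict
from datetime import datetime, timedelta

# ---- Bot side: pull the current C2 location out of a timeline ------------

def encode_command(cmd: str) -> str:
    """Hide a directive in tweet text (assumed encoding: base64)."""
    return base64.b64encode(cmd.encode()).decode()

def extract_c2(tweets):
    """Return the newest decodable 'c2=<url>' directive, or None.

    'tweets' is newest-first. Chatter and tokens that are not valid base64
    are skipped, so the herder can pad the account with harmless posts.
    """
    for text in tweets:
        words = text.split()
        if not words:
            continue
        try:
            decoded = base64.b64decode(words[-1], validate=True).decode()
        except Exception:          # binascii.Error or UnicodeDecodeError
            continue
        m = re.fullmatch(r"c2=(https?://\S+)", decoded)
        if m:
            return m.group(1)
    return None

# Constructed timeline (hypothetical account, RFC 5737 test addresses).
CONSTRUCTED_TIMELINE = [
    "morning everyone",
    "update " + encode_command("c2=http://203.0.113.7:8080/gate"),
    "older " + encode_command("c2=http://198.51.100.22/gate"),
]

# ---- Defender side: spot bots beaconing to one Twitter URL ----------------

# Constructed proxy log: <date> <time> <src_ip> "<user-agent>" <url>.
# 10.0.0.5 is a person browsing; 10.0.0.9 fetches one page every 30 min.
CONSTRUCTED_PROXY_LOG = """\
2009-08-13 09:00:02 10.0.0.5 "Mozilla/5.0 (Windows; U; Windows NT 5.1)" http://twitter.com/home
2009-08-13 09:00:07 10.0.0.5 "Mozilla/5.0 (Windows; U; Windows NT 5.1)" http://twitter.com/someuser
2009-08-13 09:00:31 10.0.0.5 "Mozilla/5.0 (Windows; U; Windows NT 5.1)" http://twitter.com/search?q=lunch
2009-08-13 09:00:00 10.0.0.9 "-" http://twitter.com/upd4t3
2009-08-13 09:30:00 10.0.0.9 "-" http://twitter.com/upd4t3
2009-08-13 10:00:00 10.0.0.9 "-" http://twitter.com/upd4t3
2009-08-13 10:30:01 10.0.0.9 "-" http://twitter.com/upd4t3
"""

LOG_RE = re.compile(r'^(\S+ \S+) (\S+) "([^"]*)" (\S+)$')

def find_beaconing(log_text, min_hits=4, max_jitter=timedelta(seconds=5)):
    """Flag (src, url) pairs that a host fetches at a near-constant
    interval while touching no other twitter.com URL. A real user browses
    many pages; the bot in the post reads exactly one account."""
    times_by_pair = defaultdict(list)
    urls_by_host = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ts, src, _ua, url = m.groups()
        if "twitter.com" not in url:
            continue
        times_by_pair[(src, url)].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
        urls_by_host[src].add(url)
    flagged = []
    for (src, url), times in times_by_pair.items():
        if len(times) < min_hits or len(urls_by_host[src]) != 1:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= max_jitter:
            flagged.append((src, url))
    return flagged

if __name__ == "__main__":
    print("bot would contact:", extract_c2(CONSTRUCTED_TIMELINE))
    print("beaconing hosts:", find_beaconing(CONSTRUCTED_PROXY_LOG))
```

The detector keys on the two things that distinguish the bot from a person in this scenario: a single Twitter URL per host and a regular polling cadence. It is a heuristic for the dedicated-account pattern only; a herder who spreads directives across many accounts, or who varies the polling interval, would not trip it, and the tuning values (four hits, five seconds of jitter) are illustrative rather than recommended thresholds.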
2 Comments »
Laura, take a look at this presentation we delivered at BH Europe 2007: http://www.blackhat.com/presentations/bh-europe-07/Fucs-Paes-de-Barros-Pereira/Presentation/bh-eu-07-barros.pdf
We are lucky that this C&C on Twitter was so badly implemented. Twitter has a search capability that makes it a perfect system to spread commands in the way we suggested in our research. Bots could use the Twitter profile of the user of the infected machine, which would make it very hard to filter and take down the messages carrying C&C traffic.
Wow enjoyed reading your post. I added your rss to my blogreader.