A security researcher has found that hackers are using Twitter to distribute instructions to a network of compromised computers, known as a botnet.
The traditional way of managing botnets is to use IRC, but botnet owners are continuously looking for new ways to keep their networks up and running, and Twitter seems to be the latest trick.
A now-suspended Twitter account was being used to post tweets that had links new commands or executables to download and run, which would then be used by the botnet code on infected machines, wrote Jose Nazario, manager of security research at Chelmsford, Mass.-based Arbor Networks Inc., in a blog post on Thursday.
“I spotted it because a bot uses the RSS feed to get the status updates,” Nazario wrote.
The account, called “Upd4t3”, is under investigation by Twitter's security team, according to Nazario. But the account is just one of what appear to be a handful of Twitter command and control accounts, Nazario wrote.
Botnets can, for example, be used to send spam or carry out distributed denial-of-service attacks, which Twitter itself became the victim of last week. The botnet Nazario found is “an infostealer operation,” a type that can be used to steal sensitive information such as log-in credentials from infected computers.