Monday, August 17, 2009

HACKER USED TWITTER TO CONTROL INFECTED PCs

San Jose, Calif: Twitter's been having a rough couple of weeks.

A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem.

At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil. Networks of infected PCs are referred to as "botnets" and are responsible for so much of the mayhem online, from identity theft to spamming to the types of attacks that crippled Twitter.

Jose Nazario with Arbor Networks said he found a Twitter account that was used to send out what looked like garbled messages. But they were actually commands for computers in a botnet to visit malicious Web sites, where they download programs that steal banking passwords.

The affected Twitter account was taken down. Twitter didn't immediately respond to e-mails for comment.

Nazario said what appeared to be the same person was doing the same thing on an account with a Google Inc. service called Jaiku, which is similar to Twitter.

Google said the affected account was shut down.

The technique Nazario described isn't sophisticated, and a couple hundred infected computers is small when some botnets contain hundreds of thousands of infected PCs.

But it shows how criminals are finding inventive ways to exploit legitimate social networking services to help with their dirty work. One reason social networks are an attractive target for crooks is because their content is hard to monitor, and because people click on lots of links inside their accounts, which is a key way computer infections are spread.

"I wouldn't call it rocket science, but it's effective," Nazario said. "This is the problem with free social media that people need to be aware of."

The revelation comes on the heels of a destructive "denial-of-service" attack that brought down Twitter at stretches last week. Those attacks appear to have targeted a lone blogger in the former Soviet republic of Georgia, but affected the entire Twitter service.

Denial-of-service attacks consist of flooding a Web site with so much traffic that its servers buckle under the strain. That's either done by pounding it with an immense volume of traffic (which can be easy to thwart), or increasingly, hammering a site with lots of harder-to-detect computing-intensive requests, like trying to log in or do searches, which can also bring a site to its knees. Botnets, or networks of zombie computers, are the main weapon in both attacks.

No comments: