Can Twitter be used to control a bot?

[dgcombs at gmail.com (Dan McGinn-Combs)]

I'd say using appropriate hash tag would work very well and provide a way to search for bots at the same time.
Dan 

-----Original Message-----
From: Dimitrios Kapsalis <dimitrios at gmail.com>
Sent: Friday, April 17, 2009 12:08 PM
To: PaulDotCom Security Weekly Mailing List <pauldotcom at mail.pauldotcom.com>
Subject: Re: [Pauldotcom] Can Twitter be used to control a bot?

I dont see any reason why twitter couldnt be used as a C&C for a bot net.
?
I think the main characteristics you would need for a C&C are:
1. Each to provide commands - need some protocol between bots and C&C
2. Availability of C&C center to be always up
?
To make it more intersting, i think you could also encrypt your commands posted on twitter so that only the bots can 
decrypt them, (or at least once you have the bot you can pull key to decrypt) and then its not as obvious on the 
twitter post what is happening.
?
Can prob also build a covert channel where through the post on the twitter, you have key words that are the commands 
for the bot net.


?
On Fri, Apr 17, 2009 at 10:57 AM, Robin Wood <dninja at gmail.com> wrote:
 
Hi
I had what I thought was a mad idea the other day, why not use Twitter
as a C&C channel for a botnet. I kept thinking about it and swung
 between attack and defence so asked a few people and decided that it
could be done. So I've written up my thought and created a proof of
concept bot and posted them to see what people think.

http://www.digininja.org/twitterbot/

Have a read and give me your feedback.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: 

[The entire original message is not included]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090417/d1643159/attachment.htm