Can Twitter be used to control a bot?

[dimitrios at gmail.com (Dimitrios Kapsalis)]

I dont see any reason why twitter couldnt be used as a C&C for a bot net.

I think the main characteristics you would need for a C&C are:
1. Each to provide commands - need some protocol between bots and C&C
2. Availability of C&C center to be always up

To make it more intersting, i think you could also encrypt your commands
posted on twitter so that only the bots can decrypt them, (or at least once
you have the bot you can pull key to decrypt) and then its not as obvious on
the twitter post what is happening.

Can prob also build a covert channel where through the post on the twitter,
you have key words that are the commands for the bot net.



On Fri, Apr 17, 2009 at 10:57 AM, Robin Wood <dninja at gmail.com> wrote:

> Hi
> I had what I thought was a mad idea the other day, why not use Twitter
> as a C&C channel for a botnet. I kept thinking about it and swung
> between attack and defence so asked a few people and decided that it
> could be done. So I've written up my thought and created a proof of
> concept bot and posted them to see what people think.
>
> http://www.digininja.org/twitterbot/
>
> Have a read and give me your feedback.
>
> Robin
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090417/35d56864/attachment.htm