Full Disclosure mailing list archives
A Closer Look at the Twitter-Controlled Botnet
From: "my.hndl" <my.hndl () gmail com>
Date: Sun, 16 Aug 2009 22:36:48 -0700
Wired recently reported (http://www.wired.com/threatlevel/2009/08/botnet-tweets/) on a botnet that was being administered via Twitter and other social networking sites. This is not a new idea; in fact, there's a proof-of-concept framework to do exactly that (http://www.digininja.org/projects/kreiosc2.php). What's interesting about the Wired article is that the author made no effort to obscure the details of the C&C commands.

I took a closer look at some payloads being deployed to this live botnet and wrote a post detailing how I decoded the tweets, followed their links, got the malware, figured out what to do with it and determined how well anti-virus detected the malware (spoiler: not very well). During the research I found malware hosted on Ubuntu.com.

The post is written as kind of a how-to for people curious about following botnets and analyzing malware. I have another post planned in which I will disassemble and debug the malware. Intended for novice malware analysts.

Read more here: http://paulmakowski.wordpress.com/2009/08/16/a-closer-look-at-the-twitter-controlled-botnet-part-1/
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/