Comments on: Botnet communication over Twitter, Reddit, social web
http://compsci.ca/blog/botnet-communication-over-twitter-reddit-social-web/
Programming, Education, Computer Science
Wed, 30 Sep 2020 08:31:44 -0400

By: Brandon (Wed, 30 Sep 2020 07:03:27 +0000)
http://compsci.ca/blog/botnet-communication-over-twitter-reddit-social-web/comment-page-1/#comment-123296

1 1
By: TerrorBite (Mon, 26 Jan 2009 13:24:29 +0000)
http://compsci.ca/blog/botnet-communication-over-twitter-reddit-social-web/comment-page-1/#comment-110484

I think I found a twitter botnet… http://twitter.com/masterconsole

Tweets by this user are frequent, and include messages like:

#mcp: $cmd=ban $drone=1620 $reason: host is a virtual machine (honey pot?) $code: 4122 $job=786620430-12038

#mcp: $cmd=install $scope=gateway $payload=252 2629898148293275722137311933159247363679864621 5724588

#mcp: $job=71224324-20007 completed in 2 cpu days.

What's the matter, @SarkProgram? You look nervous. (a reference to the movie Tron)
By: botnet (Wed, 24 Dec 2008 05:31:42 +0000)
http://compsci.ca/blog/botnet-communication-over-twitter-reddit-social-web/comment-page-1/#comment-110329

I wouldn't be surprised if some communications are already being facilitated by twitter. Although, there are much more efficient and effective mechanisms for managing and spreading bots.

Let's be clear on one thing. Some of the recent ransomware does have flaws. Most of the original source malware and bots are professionally done, CVS archives, and source management. Your statement is true for all the skiddies that steal the code and try to use it.

Malware and bots are strictly a numbers game. Don't let anyone ever tell you differently: it's always about the money.
By: Leigh Honeywell (Sat, 20 Dec 2008 09:12:48 +0000)
http://compsci.ca/blog/botnet-communication-over-twitter-reddit-social-web/comment-page-1/#comment-110305

Michael hit the nail on the head. Modern botnets are using two things as Command and Controls: P2P protocols (primarily custom stuff built on top of Overnet) and http traffic stored on compromised servers.

Some relevant stuff can be read about at Brandon Enright's site: http://noh.ucsd.edu/~bmenrigh/ (scroll down to the "Exposing Stormworm" link, I hate linking directly to things like Powerpoint files :) ), and an analysis of the domain name generation algorithm for the Srizbi botnet: http://blog.fireeye.com/research/2008/11/technical-details-of-srizbis-domain-generation-algorithm.html

-Leigh
By: Zeroth (Wed, 17 Dec 2008 22:38:05 +0000)
http://compsci.ca/blog/botnet-communication-over-twitter-reddit-social-web/comment-page-1/#comment-110293

Way ahead of you, lol. I remember reading a book about encryption combined with malware, and the possible ways. It was all thought-experiment stuff, mostly as security research. One of the key concepts they found was that it was entirely possible to have a specific url purchased that is a cryptographic determination (from the date), and at this url is a publicly accessible BBS. The bots/masters can post encrypted communications and they showed that unless there was a mistake in the encryption algorithms, it would be nigh impossible to round up the author. He even explored methods of viruses ransoming off encrypted data.

Luckily, the virus writers and bot writers so far are pretty dumb, relatively. Most ransomware is badly coded, and uses a predetermined public key, instead of a hashed public key.

Interesting ideas though!
By: Matthew (Thu, 11 Dec 2008 02:07:29 +0000)
http://compsci.ca/blog/botnet-communication-over-twitter-reddit-social-web/comment-page-1/#comment-110248

This is certainly a very interesting idea. Of course it all comes down to how crafty the communications are - and if access to those sites is actually allowed or not. Alternatively, the botnet owner could also set up their own 'social networking' portal.
By: Michael Chang (Wed, 10 Dec 2008 22:31:09 +0000)
http://compsci.ca/blog/botnet-communication-over-twitter-reddit-social-web/comment-page-1/#comment-110242

Why not just use XML-RPC, and stick some sneaky code into a publicly accessible web server? That seems much less contrived…

Of course, the biggest issue I can see with this is that HTTP communication requires polling… which slightly increases the complexity of any bot program. You need to make sure the bot is inconspicuous enough or otherwise a sysadmin might see the logs and wonder why someone keeps connecting to twitter every 5 minutes on the :00.
By: Jarek Piórkowski (Wed, 10 Dec 2008 07:34:16 +0000)
http://compsci.ca/blog/botnet-communication-over-twitter-reddit-social-web/comment-page-1/#comment-110235

This is asking for a proof of concept, Tony.