Viruses/Worms News

Botnet controllers using Twitter, pastebins like SaaS

Tuesday, August 18, 2009

Cybercriminals who control networks of compromised PCs, called botnets, have hit upon new ways to update Trojan malware through Twitter and other online services, which act as a kind of software-as-a-service (or SaaS) for cybercrime.

Last week, Jose Nazario of security firm Arbor Networks discovered Twitter accounts that use status messages (tweets) to send out links containing new commands or executables for the botnet to download and run.

Now, researchers at Symantec have discovered that bot herders are also using pastebins to host obfuscated code that contains Trojan malware. Symantec researchers found messages from Twitter containing base-64 code that translates into links to Debian.net and Rifers.org, both legitimate pastebins that give web users the ability to upload text for sharing information.

The pastebins contain base-64 code that, once translated, is revealed to be a zip archive with malicious executable files - a Trojan called Downloader.Sninfs.

A new variant of the Trojan threat uses Twitter and another social networking and micro-blogging site, Jaiku.com, Symantec said. The Trojan Downloader.Sninfs.B attempts to get URLs from obfuscated Twitter status messages.

If that attempt fails, the Trojan will use the RSS feed from an account registered on Jaiku.com to obtain the location of remote files, Symantec said on its security blog.
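The two base-64 layers described above (status messages that decode to links, and paste contents that decode to a zip archive) can be checked for on the defensive side. The Python sketch below is an added example, not code from Symantec or Arbor Networks; the function names, the 16-character minimum run length and the sample inputs are assumptions made for illustration.

```python
import base64
import binascii
import io
import re
import zipfile

# Runs of base64 alphabet long enough to hide a URL or a file header.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")
ZIP_MAGIC = b"PK\x03\x04"  # local file header that opens a zip archive


def classify_blob(token):
    """Return 'url', 'zip' or None for one candidate base-64 token."""
    body = token.rstrip("=")
    try:
        raw = base64.b64decode(body + "=" * (-len(body) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None  # not decodable, so not a hidden payload
    if raw.startswith(ZIP_MAGIC):
        return "zip"
    if raw.lower().startswith((b"http://", b"https://")):
        return "url"
    return None


def scan_text(text):
    """List (kind, offset) for each base-64 run that decodes to a URL or zip.

    Line-wrapped base-64 is matched one line at a time; the first line of an
    encoded archive still decodes to the zip header, so it is still flagged.
    """
    hits = []
    for match in B64_RUN.finditer(text):
        kind = classify_blob(match.group(0))
        if kind:
            hits.append((kind, match.start()))
    return hits


def build_samples():
    """Constructed inputs: a status message and a paste body (both harmless)."""
    url = b"http://paste.example.invalid/raw/1"  # placeholder, not from the article
    status = "update " + base64.b64encode(url).decode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless constructed sample")
    paste = base64.encodebytes(buf.getvalue()).decode()  # wrapped at 76 chars
    return status, paste
```

A check like this fits a web proxy or mail gateway content filter, where ordinary long words also match the pattern but decode to neither a URL nor a zip header and are ignored.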

Related News:

Security firms join working group to fight web threats - 8.19.2009
Several prominent web security companies are joining together to share information and resources to fight the growing threat of malware on the web. Assembled under the IEEE Standards Association, the working group is called the Industry Connections Security Group (ICSG).

Internet Explorer 8 aces web browser security test - 8.14.2009
Microsoft's Internet Explorer 8 (IE8) web browser outperformed Safari 4, Firefox 3, Chrome 2 and Opera 10 Beta in a Microsoft-sponsored security test by NSS labs.

Koobface worm grows more sophisticated in web 2.0 attacks - 8.11.2009
Web security researchers are warning that the notorious Koobface worm that spreads on social networks like Facebook and Twitter has grown more sophisticated in order to evade detection and trick more savvy users into downloading malware.

Adobe Flash flaw exploited by malware in Microsoft Excel files - 8.6.2009
Security flaws that exist in Adobe Flash are being actively exploited by cybercriminals via maliciously crafted Microsoft Excel files, according to web security researchers at security firm Sophos.

Security researchers warn of cyberattacks on 'smart' electric grid - 8.5.2009
Security researchers at the Black Hat and Defcon cybersecurity conferences last week highlighted flaws in smart grid technology that could lead to system hacking or disruption of service.
