Twitter Direct Messages Offer A Comfortable And Effective Way To Control A Botnet

By Money Times

Nov 16, 2015 09:22 PM EST

It turns out that Twitter's extension of Direct Messages past 140 characters inadvertently gives botnet operators a stealthy and streamlined way to control their bots.

Another backdoor tool, designed and built by white hat security specialist Paul Amar, uses Twitter Direct Messages as a botnet command-and-control (C&C) base. Amar says his so-called "Twitter tool" was inspired by a Gmail botnet C&C tool called Gcat.

Paul Amar, a security analyst with SensePost Information Security, wrote, "I mostly wanted to create a PoC after Twitter decided to remove the 140 characters limit for Twitter Direct Messages," according to Security Affairs.

He further said, "I was looking at how third party services could hide malicious traffic" and, for instance, how botnets could maintain a command-and-control infrastructure that could avoid takedowns.

His Python-based Twitter backdoor tool essentially lets a botnet operate while hiding in plain sight. The machines would already be infected with the malware and then controlled by the attacker through his or her malicious Twitter Direct Messages. "It uses just one Twitter account that sends the DMs," Amar says. "Everything is going through private messaging of the attacker's account," he further elaborated.

Amar says an attacker would likely use Tor to create the new Twitter account. With DMs longer than 140 characters, there is a lot of headroom for controlling the bots, he says. "It allows for more malicious activity."

Twitter bots are limited to 100 direct messages a day. New bots can be created with additional accounts, however. Amar has released other tools, ranging from a cross-site request forgery hacking toolkit to a Shodan Firefox extension, according to The Register.

According to Paul, commanding and controlling a botnet by means of Twitter DMs looks, to Twitter at least, essentially the same as an ordinary conversation between two people. This makes the botnet hard for Twitter to detect. Botnets are usually controlled by means of complicated software, so using Twitter is an original idea, Business Insider reports.

Twitter looks out for unusual activity on accounts (you can't, for instance, tweet the exact same update twice), and so Paul limits every account to 100 direct messages a day. Twitter recently won a lawsuit against individuals who use direct messages to spam clients and Twitter users.

The ambitious, newly launched Twitter tool is open source and available to the public, and its creator, Paul Amar, is inviting developers to contribute to the project.

© 2024 VCPOST, All rights reserved. Do not reproduce without permission.
