Leveraging social networking sites to gain control of user systems and make them part of botnets is no longer a new tactic. In recent research, we came across malware that uses a Twitter account to send out commands to the new Mehika Twitter botnet’s zombies.
But why are cybercriminals using a social networking site to send out commands to botnet zombies? The answer is quite simple. Using a social networking site requires no installation, configuration, or command-and-control (C&C) server management. Instead, posting messages to a specific account instantly sends out commands and instructions to zombies.
It is also interesting to note that since social networking sites have thousands or even millions of user profiles, locating a suspicious account is difficult, especially if cybercriminals take the time to cover their tracks.
Trend Micro product users, however, should not worry, as Smart Protection Network™ already detects the Mehika Twitter botnet binary as WORM_TWITBOT.A and prevents it from reaching users’ systems. If you would like to know more about the Mehika Twitter botnet and its predecessors, read our latest research paper, “Discerning Relationships: The Mexican Botnet Connection.”