Mexican 'Mehika' Twitter Botnet Uses Social Networks As Control Channels

A botnet based out of Mexico called Mehika uses a social network as its controller, giving hackers the ability to instruct a group of compromised computers to perform malicious actions from a user's Twitter or Facebook account.

Botnets are known to be among the most worrisome malware infections for computer users, network administrators and even website owners. A botnet is a group of compromised or malware-infected computers that connect to a central command-and-control server (the central server or host that a bot is programmed to contact for its instructions), which usually directs the systems to perform malicious actions for monetary gain. Those actions can range from attacking websites to sending out thousands of spam messages in a matter of minutes. In the case of the Mexican Mehika botnet (aka WORM_TWITBOT.A), hackers are able to send commands to a group of computers through a Twitter account instead of a traditional command-and-control server.

In the past, it was common for a hacker to obtain a newly created hosted server to use as the conventional command-and-control server for a botnet. A newer technique, first detected in August of 2009, uses social networks such as Twitter or Facebook as an alternative command-and-control channel for a hacker's botnet. Researchers believe that some of the Twitter or Facebook accounts used as a controller for a botnet were previously compromised so the attackers can easily cover their tracks. This is why it is so important to follow safe practices on any social network, which include using a strong password and changing it often. In addition, it is recommended that social network users never share their personal information with others.

Furthermore, security researchers have uncovered a group of Mexican botnets, including Mehika, in the past few months. These botnets are believed to be involved in various cybercrimes such as spamming, carrying out DDoS (Distributed Denial of Service) attacks and phishing. The Mexican botnets share similarities in their use of PHP scripts, which may be an indication that they use social networks as an alternative command-and-control server.

Using a social networking site as a command-and-control server spares the creator from installing, configuring and managing a conventional server, which can be very time consuming and which security analysts may easily detect and later shut down. It means that simply posting a Tweet from a specific Twitter account or updating a Facebook account's status can send out commands or instructions to the zombie computers (the botnet). On top of that, Twitter and Facebook, which are among the top targets for malware this year, have millions of users, which makes it very difficult to track or locate a suspicious account. This sounds pretty clever, doesn't it?
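
From the defender's side, a host that fetches its instructions from a social network account has to keep requesting that account's page. The sketch below is an added example, not code from this article or from the researchers it mentions: it scans web proxy logs for a client that requests the same social network page at near-constant intervals. It assumes the bot checks the account on a roughly fixed timer, which the article does not state; the log layout, host list, thresholds and sample lines are constructed for illustration.

```python
import statistics
from collections import defaultdict

# Assumed watch list; extend it to the social platforms reachable from your network.
SOCIAL_HOSTS = {"twitter.com", "www.facebook.com"}

# Constructed proxy log, one request per line: "<epoch seconds> <client ip> <host> <path>"
SAMPLE_LOG = "\n".join(
    # 10.0.0.5 fetches one account page roughly every 300 s (timer-driven).
    [f"{t} 10.0.0.5 twitter.com /example_account"
     for t in (1000, 1300, 1601, 1899, 2200, 2500, 2801)]
    # 10.0.0.9 is a person browsing: short bursts separated by long pauses.
    + [f"{t} 10.0.0.9 twitter.com /home" for t in (1005, 1012, 1020, 1900, 1904, 2750)]
    + ["truncated line"]
)

def parse(log_text):
    """Yield (timestamp, client, host, path), skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2].lower(), parts[3]

def find_pollers(log_text, min_hits=6, max_cv=0.1):
    """Return {(client, host, path): mean gap in seconds} for timer-like polling.

    A key is flagged when it has at least min_hits requests and the
    coefficient of variation (stdev / mean) of the gaps is at most max_cv.
    """
    hits = defaultdict(list)
    for ts, client, host, path in parse(log_text):
        if host in SOCIAL_HOSTS:
            hits[(client, host, path)].append(ts)
    flagged = {}
    for key, times in hits.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap > 0 and statistics.pstdev(gaps) / mean_gap <= max_cv:
            flagged[key] = mean_gap
    return flagged

if __name__ == "__main__":
    for (client, host, path), gap in find_pollers(SAMPLE_LOG).items():
        print(f"{client} polls {host}{path} about every {gap:.0f}s")
```

A flagged client is a lead for endpoint investigation rather than proof of infection, since legitimate widgets and feed readers also poll on a timer.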
