Message-ID: <e52fe1010908162236r43e66bf0i610db195379f6a36@mail.gmail.com>
Date: Sun, 16 Aug 2009 22:36:48 -0700
From: "my.hndl" <my.hndl@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: A Closer Look at the Twitter-Controlled Botnet

Wired recently reported
(http://www.wired.com/threatlevel/2009/08/botnet-tweets/) on a botnet that
was being administered via Twitter and other social networking sites.  This
is not a new idea; in fact, there's a proof-of-concept framework to do
exactly that (http://www.digininja.org/projects/kreiosc2.php).  What's
interesting about the Wired article is that the author made no effort to
obscure the details of the C&C commands.

I took a closer look at some payloads being deployed to this live botnet and
wrote a post detailing how I decoded the tweets, followed their links, got
the malware, figured out what to do with it and determined how well
anti-virus detected the malware (spoiler: not very well).  During the
research I found malware hosted on Ubuntu.com.  The post is written as kind
of a how-to for people curious about following botnets and analyzing
malware.  I have another post planned in which I will disassemble and debug
the malware.  It is intended for novice malware analysts.

Read more here:
http://paulmakowski.wordpress.com/2009/08/16/a-closer-look-at-the-twitter-controlled-botnet-part-1/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/