Arbor Networks security researcher Jose Nazario has stumbled upon a crimeware botnet using Twitter as its command-and-control operation.
The botnet, which is linked to identity thieves in Brazil, uses Twitter status messages to communicate with bots -- sending new links for the infected computers to contact and new commands and executables to download and run.
[Image: screenshot of the Twitter account in question, via the Arbor Networks blog]
"It’s an infostealer operation," Nazario explained.
He said the bots are sending data to URLs linked to Brazilian criminals that specialize in banker Trojans.
Banker Trojans are used to steal logins, passwords, PINs, check words and other information from bank websites.
The stolen information is usually uploaded to a hacker's website using a web form. The most vulnerable are users of online banks and payment systems whose logins and passwords do not change each time the user logs on. That is why many banks are now switching to one-time passwords that expire after being used once.
Nazario said there are quite a few Twitter accounts being used to control botnets. Twitter's security team is aware of the issue. Some of the malicious accounts have already been deleted.