Security Researchers Uncover Do-It-Yourself Twitter Botnet

Dennis Faas's picture

More and more research shows that those who know how to create viruses and malware are keen on reaching out to others, most likely to cash in on their knowledge. A case in point is TwitterNet Builder: a new tool designed to simplify botnet-based attacks over Twitter.

Botnets: A Virtual Army of Zombie Computers

For those unaware, "botnet" is a technical term used to describe a network of computers under the control of a malicious software program. Once a computer has been compromised, the botnet program runs silently and autonomously until it is issued a command from a master computer (the hacker) to perform an "attack." Attacks can take the form of spam, denial-of-service attacks, or propagation of the botnet by infecting other machines on the network, for example.

That said, a new malicious program called "TwitterNet Builder" can create botnets that perform a variety of actions, including the installation of software or a distributed denial-of-service attack from Twitter accounts.

According to Sunbelt Software researcher Christopher Boyd, once a PC is infected with the botnet, the attacker can post commands that instruct the machine what information to take from a specified Twitter account.

'Public Workings' Reduce Threat

There is some good news, however: there are a number of drawbacks to the effectiveness of the system. "[The Twitter botnet attack] doesn't work if the person controlling the bots attempts to hide their commands on a private Twitter page," Boyd said.

Having to work in public means that Twitter could (and should) be able to restrict anyone issuing such commands from using the social networking service. It only takes one Twitter search to identify those using the attack method.

Twitter Cracking Down

Graham Cluley, senior technology consultant at Sophos, also highlighted the flaws of the botnet creator.

Said Cluley, "If a botnet is reliant upon Twitter accounts to give it its commands, then it is relatively easy to 'cut off the head' and disable accounts. The guys at Twitter are shutting down accounts all the time because of spam, [adult images], phishing or faking identities."

Still, both Boyd and Cluley stressed that spam and malicious links remain a recurring problem on Twitter and warned users to proceed with caution when opening unfamiliar links, even if the links appear to be sent from a friend.

Twitter has been notified of the problem and is looking into the situation.
