
In the last month, three botnet command-and-control channels (C&Cs) have been spotted in the wild on Twitter and Google Groups. A botnet, perhaps better described as a "zombie network", is a distributed organization of programs that run in the background of infiltrated computers (laptops, servers, cell phones, etc.) and perform tasks such as information stealing, email spamming, or other types of attacks. Usually these bots try to multiply, to remain hidden, and to scan for private data. Some are more sophisticated than others.
Usually, these bots operate on a peer-to-peer basis, but last month Arbor Networks found a botnet using a centralized C&C via Twitter and Jaiku. Once alerted, Twitter and Jaiku each shut the offending account down, but just days later, a second one was found on Twitter. Meanwhile, just last week, Symantec uncovered a trojan using Google Groups as its C&C in a similar way.
Interestingly, these particular botnet C&Cs were very primitive. Stealthier approaches, such as using steganography to hide bot commands, are not as widely used (or worse, they are and haven't been discovered). With Web 2.0 and social networking sites growing in popularity every day, look for more botmasters to abuse these sites in this way.
Erhan J. Kartaltepe,
erhan.kartaltepe-at-utsa.edu

