Aprameya Mysore

03 Apr 2016

I was browsing a variety of Twitter bots that seemed somewhat cool, but something about the medium didn’t really compel me that much. The AI Twitter bots that interact with people I found to be somewhat cool, such as the TayAI fiasco that Microsoft embroiled itself in, but I stumbled across another utilization of Twitter bots that really piqued my interest. There was a pervasive computer virus that took the world by storm in 2014, and some think it is still operational, called ‘iWorm’. iWorm was a botnet, which means that once a certain piece of malware is installed on a population of host machines, each ‘bot’ listens for command and control instructions sent by the perpetrator of the malware and executes actions en masse. These could include sending back sensitive info of infected users (credit card info, logins, etc.), serving as a bank of proxy IP addresses for the perpetrator to do malicious things while anonymized and pretending to be the victim, or acting as a weapon to DDoS websites, whereby every victim of the botnet spams a given web address with tons of requests, forcing downtime.

The particularly interesting thing about iWorm is that victims infected with the malware would receive command and control instructions through Reddit. Traditionally, the bots in a botnet are controlled through IRC communication; however, many antivirus programs have become privy to this technique and carefully scrutinize IRC communications. iWorm instead hides its instructions in plain sight, by posting encrypted instructions to an arcane but public subreddit. I thought this was a brilliant and elegant use of social media automation. I did some more research and discovered that there have been a couple of Twitter accounts that have been utilized to this same end. Although the posts to these control accounts/subreddits themselves are probably automated, it’s possible there is a good bit of manual intervention. Regardless, I think this framework for botnet control through social media, particularly Twitter, is a very interesting re-interpretation of the idea of a “Twitter Bot”.

 

References:

Twitter-based Botnet Command Channel

http://arstechnica.com/security/2014/10/reddit-powered-botnet-infected-thousands-of-macs-worldwide/

When Bots Use Social Media for Command and Control