Mexican Twitter-controlled botnet unpicked

The Speedy Gonzales of cybercrime


Security researchers have discovered another botnet that uses Twitter as a command and control channel.

Malware-infected drones in the Mehika Twitter botnet, active in Mexico this summer, take instructions from a Twitter account maintained by hackers instead of conventional command and control servers. The use of Twitter as a botnet command channel was first detected in August 2009 before similar techniques were applied to abuse Facebook profiles as command channels a few months later in November.

Cybercrooks gain a number of advantages in using social networks as alternative command channels, explained Trend Micro senior threat researcher Ranieri Romera.

"Using a social networking site does not require installation, configuration, and command-and-control (C&C) server management," Romera writes. "Instead, posting messages in a specific account can instantly send out commands and instructions to zombies."

Botnet control instructions can easily be lost in the chatter on Twitter, he added.

Rik Ferguson, a UK-based security researcher at Trend Micro, said the Mehika botnet fell silent almost as soon as it was detected, back in July. "The bot client was located 15 July and this is the date also of all the latest commands seen, so [it was] theoretically down at that date," he told El Reg.

The Mehika botnet was one of four botnets to affect web users in Mexico analysed in greater depth in a new research paper from Trend Micro, titled Discerning Relationships: The Mexican Botnet Connection, published on Monday. The four zombie networks share the common use of PHP scripts in their construction. The other networks were the Tequila, Mariachi and Alebrije botnets. The zombie networks were collectively involved in all types of cybercrime malfeasance including spamming, phishing and serving as a platform for DDoS attacks. ®

Biting the hand that feeds IT © 1998–2022