A new tool designed to make botnet-based attacks over Twitter simpler has been created, according to a security expert.
Named the TwitterNet Builder, it can create botnets to carry out a variety of actions, including installation of software or a distributed denial-of-service attack, explained Sunbelt Software researcher Christopher Boyd, in a blog post.
Once the end user is infected, the attacker can post commands telling the botnet what action they want it to take from a specified Twitter account.
Twitter has now been notified of the problem and is looking into it, Boyd noted.
"All in all, a very slick tool and no doubt script kiddies everywhere are salivating over the prospect of hitting a website with a DDoS from their mobile phones," Boyd said.
Fortunately for Twitter users, there are drawbacks to the system. "This doesn't work if the person controlling the bots attempts to hide their commands with a private Twitter page," Boyd added.
Being public means that Twitter should be able to block anyone issuing such commands and it only takes a search on the micro-blogging service to identify those using the attack method.
Graham Cluley, senior technology consultant at Sophos, had seen Boyd's blog and also pointed to the flaws of the botnet creator.
"If a botnet is reliant upon Twitter accounts to give it its commands then it's relatively easy to cut off the head and disable accounts. The guys at Twitter are shutting down accounts all the time because of spam, or porn, or phishing, or faking identities," he told IT PRO.
He did have a warning, however, about other threats on Twitter, such as spam and malicious links being placed on the service.
"We see lots of automated accounts being created with fake profiles which then lure you in with sexy pictures and sexy chat and then ultimately you are given a malicious link," he said.
He also pointed to the recent bug that let some users force others to follow them, which "could have been very nasty".
"One wonders how many other flaws might there be on Twitter which we simply don't know about at the moment," Cluley added.
-
Why keeping track of AI assistants can be a tricky businessColumn Making the most of AI assistants means understanding what they can do – and what the workforce wants from them
-
Nvidia braces for a $5.5 billion hit as tariffs reach the semiconductor industryNews The chipmaker says its H20 chips need a special license as its share price plummets
-
Who owns the data used to train AI?Analysis Elon Musk says he owns it – but Twitter’s terms and conditions suggest otherwise
-
Elon Musk confirms Twitter CEO resignation, allegations of investor influence raisedNews Questions have surfaced over whether Musk hid the true reason why he was being ousted as Twitter CEO behind a poll in which the majority of users voted for his resignation
-
Businesses to receive unique Twitter verification badge in platform overhaulNews There will be new verification systems for businesses, governments, and individuals - each receiving differently coloured checkmarks
-
Ex-Twitter tech lead says platform's infrastructure can sustain engineering layoffsNews Barring major changes the platform contains the automated systems to keep it afloat, but cuts could weaken failsafes further
-
‘Hardcore’ Musk decimates Twitter staff benefits, mandates weekly code reviewsNews The new plans from the CEO have been revealed through a series of leaked internal memos
-
Twitter could charge $20 a month for 'blue tick' verification, following Musk takeoverNews Developers have allegedly been given just seven days to implement the changes or face being fired
-
Twitter reports largest ever period for data requests in new transparency reportNews The company pointed to the success of its moderation systems despite increasing reports, as governments increasingly targeted verified journalists and news sources
-
IT Pro News In Review: Cyber attack at Ikea, Meta ordered to sell Giphy, new Twitter CEOVideo Catch up on the biggest headlines of the week in just two minutes
