Twitter botnet creation made simple

News
By published

A new tool has been created designed to make it simple to carry out botnet attacks over Twitter.

Twitter

A new tool designed to make botnet-based attacks over Twitter simpler has been created, according to a security expert.

Named the TwitterNet Builder, it can create botnets to carry out a variety of actions, including installation of software or a distributed denial-of-service attack, explained Sunbelt Software researcher Christopher Boyd, in a blog post.

Once the end user is infected, the attacker can post commands telling the botnet what action they want it to take from a specified Twitter account.

Twitter has now been notified of the problem and is looking into it, Boyd noted.

"All in all, a very slick tool and no doubt script kiddies everywhere are salivating over the prospect of hitting a website with a DDoS from their mobile phones," Boyd said.

Fortunately for Twitter users, there are drawbacks to the system. "This doesn't work if the person controlling the bots attempts to hide their commands with a private Twitter page," Boyd added.

Being public means that Twitter should be able to block anyone issuing such commands and it only takes a search on the micro-blogging service to identify those using the attack method.

Graham Cluley, senior technology consultant at Sophos, had seen Boyd's blog and also pointed to the flaws of the botnet creator.

"If a botnet is reliant upon Twitter accounts to give it its commands then it's relatively easy to cut off the head and disable accounts. The guys at Twitter are shutting down accounts all the time because of spam, or porn, or phishing, or faking identities," he told IT PRO.

He did have a warning, however, about other threats on Twitter, such as spam and malicious links being placed on the service.

"We see lots of automated accounts being created with fake profiles which then lure you in with sexy pictures and sexy chat and then ultimately you are given a malicious link," he said.

He also pointed to the recent bug that let some users force others to follow them, which "could have been very nasty".

"One wonders how many other flaws might there be on Twitter which we simply don't know about at the moment," Cluley added.

Tom Brewster
Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.

Male software engineer working on a laptop at a home office desk with two PC monitors sitting on top of desk.

‘This shift highlights not just a continuation but a broad acceptance of remote work as the norm’: Software engineers are sticking with remote work and refusing to budge on RTO mandates – and 21% would quit if forced back to the office
Ransomware concept image showing a warning symbol in red with binary code in background.

Healthcare systems are rife with exploits — and ransomware gangs have noticed
Application security concept image showing a digitized padlock placed upon a digital platform.

ESET looks to ‘empower’ partners with cybersecurity portfolio updates
See more latest
Most Popular
Male software engineer working on a laptop at a home office desk with two PC monitors sitting on top of desk.
‘This shift highlights not just a continuation but a broad acceptance of remote work as the norm’: Software engineers are sticking with remote work and refusing to budge on RTO mandates – and 21% would quit if forced back to the office
Ransomware concept image showing a warning symbol in red with binary code in background.
Healthcare systems are rife with exploits — and ransomware gangs have noticed
Application security concept image showing a digitized padlock placed upon a digital platform.
ESET looks to ‘empower’ partners with cybersecurity portfolio updates
Databricks logo and branding pictured on a MacBook Pro screen.
Databricks and Anthropic are teaming up on agentic AI development – here’s what it means for customers
Dell Technologies logo and branding pictured at the company's stall at Mobile World Congress (MWC) in Barcelona, Spain.
Scale of Dell job cuts laid bare as firm sheds 10% of staff in a year
Male employee sitting at a desk working on a laptop with earphones in and books scattered on desk.
Employees want purpose, and they’re willing to quit to find it – upskilling, career growth, and work-life balance have shifted priorities for workers
NHS logo displayed on a smartphone screen in white lettering on a blue background.
NHS supplier hit with £3m fine for security failings that led to attack
OpenAI logo and branding pictured at Mobile World Congress 2024 in Barcelona, Spain.
OpenAI announces five-fold increase in bug bounty reward
Digital handshake concept with Hand shake between two businessmen with digital hand
SYSPRO appoints Josef Al-Sibaie to spearhead global expansion
ChatGPT logo and branding pictured in white coloring against a black backdrop.
DeepSeek and Anthropic have a long way to go to catch ChatGPT: OpenAI's flagship chatbot is still far and away the most popular AI tool in offices globally