Twitter DM character limit liberation spells opportunity for botnets
London security researcher Paul Amar has built a tool capable of exploiting Twitter’s extended direct messaging function for covert botnet command and control.
Amar created Twittor, which allows attackers, white hat or black hat, to create a fleet of compromised machines that can communicate, receive instructions, and update over the social network.
Twitter removed its 140 character limit for private direct messages between accounts in August.
It’s a stealthy attack, since the Twittor command-and-control network traffic looks the same as legitimate tweeting, so bots are hard to seek out and destroy, Amar says.
Twittor bots are limited to 100 direct messages a day. However, new bots can be created with additional accounts.
The Python-based Twittor can be downloaded on GitHub.
Amar has published other tools, including a cross-site request forgery hacking toolkit, and contributed to a Shodan Firefox extension. ®
Bootnote: Walla and rhubarb are the retrospective US and British terms in the media industry given to indistinct background chatter on TV and radio.
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/11/13/twitter_dm_character_limit_liberation_spells_opportunity_for_botnets/