Follow Slashdot stories on Twitter


Forgot your password?

Submission + - Hacking, with the help from Social Sites ( 1

Taco Cowboy writes: MIT's Technology Review has revealed a new twist on botnet hacking.

This time the attackers use social media sites to shield their malicious activity reveals the "dark, hidden core" of cloud services.

They enlist the help from Social Sites like twitter, google-groups, and yahoo's e-mail application programming interface, to accomplish their feats.

In this case, infected computers were programmed to access social sites including Twitter, Baidu blogs, and Google Groups, where they were directed to the URL of a control server. Using the social sites allowed attackers to move their operations whenever part of their infrastructure was shut down. It also kept network administrators from becoming suspicious.

The attackers also made innovative use of Yahoo's e-mail application programming interface. Their malware instructed infected computers to connect to attackers' Yahoo mail accounts through this interface, then report on their name, operating system, and IP address. The attackers also used this connection to install additional malware on the computer, and to issue commands. This system served mainly as a backup for the attackers, in case the Web-based infrastructure was disabled.

Not only does it make it harder for administrators to see that traffic is going to the botnet, but it also makes it harder for them to stop it. Administrators generally can't blacklist a site such as Twitter or Google Groups without causing too much pain to legitimate users.

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Hacking, with the help from Social Sites

Comments Filter:
  • I personally believe that this will greatly affect the community in a way that people in the future will be afraid of approaching new SNSs and they will hardly access their facebook accounts and other social networking accounts when a large number of hackers steal almost complete identities of people all around the world. Of course people will still use SNSs but it doesn't ignore the fact that people will eventually freak out and not know what to do with their personal accounts if botnet hacking never gets

"Being against torture ought to be sort of a bipartisan thing." -- Karl Lehenbauer