Tag

cybercrime

Browsing

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

Dormant Twitter Botnet with 350K Accounts – For Good or Bad?

The MIT Technology Review discussed the discovery of a botnet with 350,000 Twitter accounts that has been dormant since 2013. This dormant botnet has remained undiscovered for multiple years, with no one knowing its mission. Does it have a good use? Could a government use or own it? Alternatively, could it be aging for sale to malicious hackers? Could someone use it to influence trending shopping, news, or even an election? (Note: This botnet was not used during the U.S. election.)

Smaller botnets have been used to create the appearance of more followers. Some people will pay for more followers. It is often “stars” who need the attention more followers creates. This can create higher payouts for movies or fashion, etc.

Spammers have used botnets for decades with email systems. It is not a far reach to see updates in technology and using them in newer technology.

All of the above could also be used to manipulate or influence debates or public opinion. Imagine the use in polling.

Twitter is exploring botnet detection programs, but the botnet herders are fast to modify and change their herd to avoid detection.

The big unknown is how many botnets are on Twitter and what is their mission? The researchers who found this botnet state they believe there is another botnet with 500,000 Twitter accounts.

Websites Redirecting To Websites Injected With Malicious Script     

There are many ways to redirect web users. Some are very sophisticated. The pseudo-Darkleech attack campaign injects code into WordPress core files. This practice can create a risky iframe that redirects users to a page that is prepared with an exploit kit. Beginning in 2012, this type of attack targeted Apache servers.

A State of Security article by David Bisson describes some of the tricks and pitfalls for Chrome users. One of the tricks was the “Font not found” screen pushing people to a website to execute “Chrome_Font.exe”.  Users were tricked into installing the update.

Bisson wrote a lot more details for the tech crowd, while keeping the article understandable for the people who will be targeted. Hostile actors are always looking for new ways to ruin your day and find ways to increase their bitcoin account.

In the future, we need to pause and see where and who is telling us we need updates. Keep your system patched from the system updates versus a webpage with an unsolicited offer of an update.

Stay secure!

This article highlights cyber news that influences cyber defenders. Information is retrieved from aggregators and credit given to them.

Privacy Legionnaire aggregated today’s information! Join the Legion! https://paper.li/Stevens12Chris/1387375494