Symantec Investigating Possible Twitter Botnet

As if Twitter hasn't had enough problems trying to fend off malicious code taking down the site, Symantec Security Response Friday says it's looking into a botnet using Twitter as a command and control structure to distribute malware. The online security company has dubbed the detected malware Downloader.Sninfs.

The malware being downloaded by Downloader.Sninfs is known to Symantec as Infostealer.Bancos, according to the company's blog. The malware allows cybercriminals to steal passwords, in this case through a phishing site emulating certain Brazilian banks.

Although this malware attack squarely targets Twitter, Symantec Analyst Peter Coogan writes that the code can be used on alternative sites, too. Investigation and analysis of this threat has shown that infected computers were following the Twitter feed "Upd4t3," which Twitter has now suspended, through its RSS feed.

The compromised Twitter account was sending system information where additional threats could be downloaded. The Twitter RSS file was acting like a configuration file for the malware.

Coogan has not seen any commands other than file downloads being issued through the Twitter.com RSS feed, but Symantec will continue to investigate whether this is in fact a botnet. For now, he suggests, Tweeterers should refrain from accepting "friend" or "follow" requests from people they don't know or trust on social networking sites, and from clicking on links from unknown or untrusted sources.
