As if Twitter hasn't had enough problems trying to fend off malicious code taking down the site, Symantec Security Response said Friday it is looking into a botnet using Twitter as a command and control structure to distribute malware. The online security company has dubbed the detected malware Downloader.Sninfs.
The malware being downloaded by Downloader.Sninfs is known to Symantec as Infostealer.Bancos, according to the company's blog. The malware allows cybercriminals to steal passwords, in this case through a phishing site emulating certain Brazilian banks.
Although this malware attack squarely targets Twitter, Symantec analyst Peter Coogan writes that the code can be used on alternative sites, too. Investigation and analysis of this threat have shown that infected computers were following the Twitter feed "Upd4t3," which Twitter has now suspended, through its RSS feed.
The compromised Twitter account was sending system information where additional threats could be downloaded. The Twitter RSS file was acting like a configuration file for the malware.
Coogan has not seen commands other than "download files" being issued through the Twitter.com RSS feed, but Symantec will continue to investigate whether this is in fact a botnet. For now, he suggests, Twitter users should refrain from accepting "friend" or "follow" requests from people they don't know or trust on social networking sites, and from clicking on links from unknown or untrusted sources.