{"id":574,"date":"2009-08-18T15:45:40","date_gmt":"2009-08-18T18:45:40","guid":{"rendered":"https:\/\/www.talsoft-security.com\/site\/?p=574"},"modified":"2009-08-18T15:45:40","modified_gmt":"2009-08-18T18:45:40","slug":"malware-y-botnet-a-traves-de-twitter","status":"publish","type":"post","link":"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/","title":{"rendered":"Malware y botnet a trav\u00e9s de Twitter"},"content":{"rendered":"<p>Cuando un sistema es infectado, generalmente es controlado remotamente recibiendo comandos a trav\u00e9s de canales de IRC, P2P \u00f3 HTTP. Jos\u00e9 Nazario (Arbor Networks) en cambio, encontr\u00f3 un interesante ejemplo de un botnet activa y real que hac\u00eda uso de Twitter como panel control.<\/p>\n<p>Nada nuevo<\/p>\n<p>Durante una de las presentaci\u00f3n en Defcon 17, Tom Eston y Kevin Johnson mostraron una prueba de concepto de un bot llamado KreiosC2, cuyo funcionamiento es bastante sencillo, solo hay que crear una cuenta en Twitter y configurar el bot para que la siga (follow); cuando queremos que el bot haga algo solo basta con enviar una actualizaci\u00f3n en dicha cuenta de Twitter. Ejemplo: \u201ccmd: look at 128.47.220.51\u201d har\u00e1 que ejecute el comando ping a la direcci\u00f3n IP 128.47.220.51.<\/p>\n<p>Debido a que Twitter cuenta con la habilidad de detectar y filtrar texto entre las actualizaciones enviadas por sus usuarios, es posible modificar el lenguaje de los comandos din\u00e1micamente as\u00ed como tambi\u00e9n utilizar codificaci\u00f3n Base64 y\/o alg\u00fan tipo de encriptaci\u00f3n.<\/p>\n<p>Es interesante ver como ya hay alguien haciendo uso de esta prueba de concepto para actividades fraudulentas; en este caso la botnet descubierta habr\u00eda estado siendo utilizada por un troyano bancario cuyo objetivo serian entidades brasileras, Banco do Brasil seria una de ellas.<\/p>\n<p>Actualizaci\u00f3n: Kaspersky Lab y Jose Nazario publican una entrada en su blog en donde muestran capturas y m\u00e1s informaci\u00f3n sobre este malware que tambi\u00e9n estar\u00eda haciendo uso de Jaiku, adem\u00e1s de Twitter.<\/p>\n<p>Fuente: Martin Aberastegue y SeguInfo<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cuando un sistema es infectado, generalmente es controlado remotamente recibiendo comandos a trav\u00e9s de canales de IRC, P2P \u00f3 HTTP. Jos\u00e9 Nazario (Arbor Networks) en cambio, encontr\u00f3 un interesante ejemplo de un botnet activa y real que hac\u00eda uso de Twitter como panel control. Nada nuevo Durante una de las presentaci\u00f3n en Defcon 17, Tom [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-574","post","type-post","status-publish","format-standard","hentry","category-profesional"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>TalSoft - Seguridad Inform\u00e1tica Empresarial - Malware y botnet a trav\u00e9s de Twitter<\/title>\n<meta name=\"description\" content=\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Leandro Ferrari\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/\"},\"author\":{\"name\":\"Leandro Ferrari\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\"},\"headline\":\"Malware y botnet a trav\u00e9s de Twitter\",\"datePublished\":\"2009-08-18T18:45:40+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/\"},\"wordCount\":268,\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"articleSection\":[\"Profesional\"],\"inLanguage\":\"en-GB\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/\",\"name\":\"TalSoft - Seguridad Inform\u00e1tica Empresarial - Malware y botnet a trav\u00e9s de Twitter\",\"isPartOf\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\"},\"datePublished\":\"2009-08-18T18:45:40+00:00\",\"description\":\"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.\",\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#website\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"name\":\"TalSoft TS - Services IT Security\",\"description\":\"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.\",\"publisher\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#organization\",\"name\":\"Talsoft TS\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"contentUrl\":\"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png\",\"width\":270,\"height\":125,\"caption\":\"Talsoft TS\"},\"image\":{\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"http:\/\/www.facebook.com\/talsoftsrl\",\"https:\/\/x.com\/talsoft\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8\",\"name\":\"Leandro Ferrari\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g\",\"caption\":\"Leandro Ferrari\"},\"sameAs\":[\"http:\/\/www.talsoft.com.ar\",\"https:\/\/www.facebook.com\/talsoftsrl\/\",\"https:\/\/x.com\/avatar_leandro\"],\"url\":\"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Malware y botnet a trav\u00e9s de Twitter","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/","twitter_misc":{"Written by":"Leandro Ferrari","Estimated reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/#article","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/"},"author":{"name":"Leandro Ferrari","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8"},"headline":"Malware y botnet a trav\u00e9s de Twitter","datePublished":"2009-08-18T18:45:40+00:00","mainEntityOfPage":{"@id":"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/"},"wordCount":268,"publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"articleSection":["Profesional"],"inLanguage":"en-GB"},{"@type":"WebPage","@id":"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/","url":"https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/","name":"TalSoft - Seguridad Inform\u00e1tica Empresarial - Malware y botnet a trav\u00e9s de Twitter","isPartOf":{"@id":"https:\/\/www.talsoft-security.com\/site\/#website"},"datePublished":"2009-08-18T18:45:40+00:00","description":"Talsoft transforma la visi\u00f3n de las empresas para que puedan proteger su informaci\u00f3n cr\u00edtica y confidencial frente ataques inform\u00e1ticos. Cons\u00faltenos sin cargo.","inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.talsoft-security.com\/site\/malware-y-botnet-a-traves-de-twitter\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.talsoft-security.com\/site\/#website","url":"https:\/\/www.talsoft-security.com\/site\/","name":"TalSoft TS - Services IT Security","description":"Talsoft is transforming awareness, control and decision-making power so that companies can protect their critical and confidential information from computer attacks.","publisher":{"@id":"https:\/\/www.talsoft-security.com\/site\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.talsoft-security.com\/site\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"https:\/\/www.talsoft-security.com\/site\/#organization","name":"Talsoft TS","url":"https:\/\/www.talsoft-security.com\/site\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/","url":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","contentUrl":"https:\/\/www.talsoft-security.com\/site\/wp-content\/uploads\/2014\/02\/talsoft_logo_270x125.png","width":270,"height":125,"caption":"Talsoft TS"},"image":{"@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/logo\/image\/"},"sameAs":["http:\/\/www.facebook.com\/talsoftsrl","https:\/\/x.com\/talsoft"]},{"@type":"Person","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/83d2ebde035a5a030c14e522351953c8","name":"Leandro Ferrari","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.talsoft-security.com\/site\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/cd259c10675b9fd302b2e6264231febeeeb3de578400cf8c91c6577e50a0d34a?s=96&d=mm&r=g","caption":"Leandro Ferrari"},"sameAs":["http:\/\/www.talsoft.com.ar","https:\/\/www.facebook.com\/talsoftsrl\/","https:\/\/x.com\/avatar_leandro"],"url":"https:\/\/www.talsoft-security.com\/site\/author\/leandro\/"}]}},"_links":{"self":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/574","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/comments?post=574"}],"version-history":[{"count":1,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/574\/revisions"}],"predecessor-version":[{"id":575,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/posts\/574\/revisions\/575"}],"wp:attachment":[{"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/media?parent=574"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/categories?post=574"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.talsoft-security.com\/site\/wp-json\/wp\/v2\/tags?post=574"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}