Friday, August 14, 2009

Command and Control via Twitter

A researcher from Arbor Networks has discovered several Twitter accounts that are being used to successfully communicate with and issue commands to a botnet linked to Brazilian identity thieves.
The botherders use tweets to issue these commands, and the bots listen via a simple RSS feed of the account. Once a new tweet is posted, the bots react. The tweets themselves are base64-encoded links from which the bots download their new payloads. The links use another medium popular with malware authors, the URL-shortening service, this time Bit.ly, which becomes visible once the base64 is decoded. By using the shortener, the botherders can keep obfuscating their path and move the actual hosting location of their payloads without missing a beat.
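The same feed the bots poll can be watched from the defender's side. As an added example (not from the original post or Arbor's research), this Python script scans the items of an RSS feed, decodes any tweet that is well-formed base64, and flags those that decode to a link on a known URL shortener; the feed contents and the shortener list are constructed and assumed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample feed (not a real capture): the second item is the base64
# of a bit.ly link, mimicking the scheme described in the post; the rest are benign.
SAMPLE_RSS = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>example timeline</title>
<item><title>having coffee, back later</title></item>
<item><title>aHR0cDovL2JpdC5seS9FWEFNUExFMQ==</title></item>
<item><title>aGVsbG8gd29ybGQ=</title></item>
</channel></rss>"""

# Assumption: this shortener list is illustrative; tune it for your environment.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "is.gd"}

def decode_if_base64(text):
    """Return the decoded bytes if `text` is well-formed base64, else None."""
    try:
        return base64.b64decode(text.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None

def shortener_link(data):
    """Return the URL if the decoded bytes are an http(s) link on a shortener, else None."""
    try:
        candidate = data.decode("ascii").strip()
    except UnicodeDecodeError:
        return None
    parsed = urlparse(candidate)
    if parsed.scheme in ("http", "https") and parsed.hostname in SHORTENER_HOSTS:
        return candidate
    return None

def flag_c2_tweets(rss_xml):
    """Scan each <item><title> of an RSS feed; return (raw_tweet, decoded_url) hits."""
    hits = []
    for item in ET.fromstring(rss_xml).iter("item"):
        title = item.findtext("title") or ""
        data = decode_if_base64(title)
        url = shortener_link(data) if data else None
        if url:
            hits.append((title, url))
    return hits

if __name__ == "__main__":
    for raw, url in flag_c2_tweets(SAMPLE_RSS):
        print(f"suspicious tweet {raw!r} decodes to {url}")
```

A real deployment would feed this the RSS of accounts seen in proxy or DNS logs and alert on any hit, since a timeline that is mostly base64 blobs is itself a strong signal.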
This shows another spark of creativity by the dark side, utilizing a popular medium of communication to do their dirty work. I'm guessing this won't be the last time we see this given its elegance and ease. I'm not sure it will rival the popularity of the private IRC channel for bot C&C, but I'm sure there are more out there already now that the cat is out of the bag.
Screen Capture Courtesy of Arbor Networks
