SAN JOSE, Calif. — Twitter’s been having a rough couple of weeks.
A researcher looking into the attacks that knocked Twitter offline earlier this month discovered another, unrelated security problem.
At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil. Networks of infected PCs are referred to as “botnets” and are responsible for so much of the mayhem online, from identity theft to spamming to the types of attacks that crippled Twitter.
Jose Nazario with Arbor Networks said he found a Twitter account that was used to send out what looked like garbled messages. But they were actually commands for computers in a botnet to visit malicious websites, where they download programs that steal banking passwords.
The affected Twitter account was taken down. Twitter didn’t immediately respond to e-mails for comment.
Nazario said what appeared to be the same person was doing the same thing on an account with a Google Inc. service called Jaiku, which is similar to Twitter.
Google said the affected account was shut down.
The technique Nazario described isn’t sophisticated, and a couple hundred infected computers is small when some botnets contain hundreds of thousands of infected PCs.
But it shows how criminals are finding inventive ways to exploit legitimate social networking services to help with their dirty work. One reason social networks are an attractive target for crooks is because their content is hard to monitor and because people click on lots of links inside their accounts, which is a key way computer infections are spread.
