What about bots that use social networking sites? There have been a few discussions and examples of using Blogger in the past and, more recently, Twitter, but very few proofs of concept -- until this morning. Robin Wood, from digininja.org, posted an e-mail to the PaulDotCom mailing list about a Twitter-based bot, called TwitterBot, that he wrote in Ruby.
Robin's example is simple, but gives a glimpse of what could be done. In his example, you create an account that the bot follows. When you want the bot to do something, you post a "tweet" to the C&C Twitter account. The bot will then execute that command upon its next check-in. Very cool stuff. For more info, check out Robin's page.
Defense against bots using social networks is easy if you can simply block all social networks. But that might not be an option for companies that are increasingly using social networking to spread their marketing message. For example, it's not uncommon for the CEO of a tech company to blog, or for the marketing team to use Twitter to discuss new products.
Trying to defend against HTTP bots gets even trickier when you realize that social networking sites aren't the only public avenue to post commands. Consider sites, like Amazon, that let you post product reviews. It would be very easy to post a seemingly innocuous comment about a product that turned out to have an embedded command in it.
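When blocking the whole site isn't an option, one thing a defender can still look for is the pattern the bot leaves behind: a human reading Twitter makes irregular requests, while a bot checking in on a timer hits the same host at near-constant intervals. The following is an added example (not code from the original post or from Robin's TwitterBot) that scores client-to-host request pairs in a web proxy log by the regularity of their inter-request gaps. The log format and the sample lines are constructed for the example; the thresholds are assumptions to tune against your own traffic.

```python
"""Flag hosts that a client polls at suspiciously regular intervals in a proxy log."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not from any real proxy). Assumed line format:
#   <ISO timestamp> <client-ip> <method> <host>/<path> <status>
# 10.0.0.15 polls twitter.com roughly every five minutes (bot-like);
# 10.0.0.22 browses twitter.com at irregular, human-like times.
SAMPLE_LOG = """\
2009-03-05T09:00:00 10.0.0.15 GET twitter.com/EXAMPLE_ACCOUNT 200
2009-03-05T09:00:03 10.0.0.22 GET www.example.com/ 200
2009-03-05T09:05:00 10.0.0.15 GET twitter.com/EXAMPLE_ACCOUNT 200
2009-03-05T09:07:41 10.0.0.22 GET twitter.com/home 200
2009-03-05T09:10:01 10.0.0.15 GET twitter.com/EXAMPLE_ACCOUNT 200
2009-03-05T09:15:00 10.0.0.15 GET twitter.com/EXAMPLE_ACCOUNT 200
2009-03-05T09:19:17 10.0.0.22 GET twitter.com/home 200
2009-03-05T09:20:00 10.0.0.15 GET twitter.com/EXAMPLE_ACCOUNT 200
2009-03-05T09:24:59 10.0.0.15 GET twitter.com/EXAMPLE_ACCOUNT 200
2009-03-05T09:48:02 10.0.0.22 GET twitter.com/home 200
"""


def parse_log(text):
    """Return a list of (timestamp, client_ip, host) tuples from the assumed format."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url, _status = line.split()
        host = url.split("/", 1)[0]          # keep only the host part of the URL
        records.append((datetime.fromisoformat(ts), client, host))
    return records


def find_beacons(records, min_requests=5, max_cv=0.1):
    """Return client/host pairs whose request gaps are nearly constant.

    A pair is flagged when it has at least `min_requests` requests and the
    coefficient of variation (stddev / mean) of the gaps between consecutive
    requests is at most `max_cv`. Both thresholds are assumed starting points.
    """
    times_by_pair = defaultdict(list)
    for ts, client, host in records:
        times_by_pair[(client, host)].append(ts)

    findings = []
    for (client, host), times in times_by_pair.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg == 0:
            continue                          # burst of identical timestamps, not polling
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            findings.append({
                "client": client,
                "host": host,
                "requests": len(times),
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['client']} -> {hit['host']}: {hit['requests']} requests, "
              f"every ~{hit['mean_interval_s']}s (cv={hit['cv']})")
```

On the sample above only 10.0.0.15 is reported, because its six requests to twitter.com arrive about 300 seconds apart with almost no spread, while 10.0.0.22's visits are too few and too irregular. The heuristic is deliberately simple: it is a starting point for triage on a site you cannot block outright, and a review of what that client actually fetched (here, a single account page over and over) is what turns a score into a finding.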
Is it time to rethink letting your employees have Internet access? I know that seems drastic, but how many of your employees really and truly need Web access to do their jobs?
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.