• Email
• Linkedin

TROJ_TWEBOT.STB

---

• �ޥ륦����������: �ȥ�����ľ�R��
• �Ɖ���Ӥ��Пo: �ʤ�
• ���Ż�: �ʤ�
• ��Ⱦ�����Пo: �Ϥ�

---

? ��Ҫ

�ޥ륦�����ϡ����Υޥ륦�����Υѥå��`���ȤȤ�˥���ݩ`�ͥ�ȤȤ��ƥ���ԥ�`�������뤷�ޤ��� �ޥ륦�����ϡ����⤢��±�������Ȥ����`������äƥ�������`�ɤ��뤳�Ȥˤ�ꡢ����ԥ�`�������뤷�ޤ���

---

  Ԕ��

���뷽��

�ޥ륦�����ϡ����Υޥ륦�����Υѥå��`���ȤȤ�˥���ݩ`�ͥ�ȤȤ��ƥ���ԥ�`�������뤷�ޤ���

�ޥ륦�����ϡ����⤢��±�������Ȥ����`������äƥ�������`�ɤ��뤳�Ȥˤ�ꡢ����ԥ�`�������뤷�ޤ���

������

���Υޥ륦�����Υ��`�ɤ��顢�ޥ륦�����ϡ����¤λ��ܤ򱸤��Ƥ��ޤ���

• Connects to the target Twitter user to read the attacker's tweets.These tweets can be commands for the botnet. Some of these commands are as follows:
  • .DOWNLOAD*{link}*[0/1] - This command orders the bot servers to download a file from a specified link. If a 0 (zero) is appended in the URL, it downloads the file only. Else, if the appended number is 1, the bot downloads and executes the file.
  • .DDOS*{IP}*{UDP port} - This command orders the bot servers to launch a UDP distributed denial of service (DDoS) attack to the declared IP address.
  • .VISIT*{link}*[0/1] - The .visit command connects the botnet servers to the link. The 0 (zero) at the end keeps the Internet browser hidden, and the 1 at the end makes the browser visible. An attacker can use this command to open a malicious site or cause confusion at the victim's end when a funny or scary website is opening about every 20 seconds.
  • .SAY*{message} - This command allows the bot servers to use the Text-to-Speech application of Microsoft Windows to read the tweet. It keeps repeating the message every 20 seconds until a .STOP command tweet is issued.
  • .STOP - This command stops all activities of connected bot servers.
  • .REMOVEALL - This commands removes all connected bot servers.
• Creates the Twitter bot server file, TwitterNet.exe, that live casino online also detects as TROJ_TWEBOT.STB.

�ޥ륦�����ϡ����¤λ�����ʾ���ޤ���

• 
  

---

  ���귽��