A Mobile Botnet That Meets Up at Twitter

  • Yulong Dong
  • Jun Dai
  • Xiaoyan Sun
Conference paper
Part of the Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering book series (LNICST, volume 255)

Abstract

Nowadays, online social networking is becoming one of the options for botnet command and control (C&C) communication, and QR codes have been widely used in the area of software automation. In this paper, we orchestrate QR codes, Twitter, the Tor network, and a domain generation algorithm to build a new generation of botnet with high recovery capability and stealthiness. Unlike the traditional centralized botnet, our design achieves dynamic C&C communication channels with no single point of failure. In our design, no cryptographic key is hard-coded on the bots. Instead, we use a domain generation algorithm to produce dynamic symmetric keys, and QR codes as the medium to transport dynamic asymmetric keys. With this approach, the botnet C&C communication payload is both randomized and kept confidential. We implement our design on Twitter and the real-world Tor network. According to the experimental results, our design is capable of C&C communication with low data and minimal CPU usage. The goal of our work is to draw defenders’ attention to the cyber abuse of online social networking and the Tor network; in particular, the search feature of online social networks provides a covert meet-up channel and needs to be investigated as soon as possible. Finally, we discuss several potential countermeasures to defeat our botnet design.

Keywords

Mobile botnet; Online social networking; QR code

Copyright information

© ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering 2018

Authors and Affiliations

  1. California State University, Sacramento, Sacramento, USA