In an ongoing effort to evade malware detection, hackers have started to hide their 'command and control' instructions in legitimate sites like Twitter and Google Groups -- and with limited fear of being discovered.

Recent Google Groups Trojan

News of a recent attack broke after security specialists at Symantec followed a Trojan horse programmed to visit a private "Google Groups" newsgroup called escape2sun. After visiting the page, PCs were instructed to download encrypted instructions and software updates for malware.

Experts call these 'command and control' instructions and are used to communicate with infected PCs and to update malicious software. On the heels of this discovery, researchers learned that hackers are also hiding messages in RSS feeds that are set up to broadcast as "Twitter Tweets". (Source: yahoo.com)

Traditionally, only infected PCs would respond to the 'command and control' type of instruction found via IRC (Internet Relay Chat) servers or by hiding commands in obscure websites. The exodus away from this method and towards legitimate sites comes after the realization that more and more security programs are getting better at uncovering even the most remote websites.

Twitter, Facebook Not Likely Restricted

Restricting access to a malicious remote server is easy enough to do: once the site is blocked, the payload cannot be delivered. However, since the payload is now incorporated into legitimate domains such as Facebook and Twitter, restricting access to these legitimate sites becomes an improbable task.

It appears that Symantec detected the Trojan horse early enough because the prototype malicious script was merely used to gather information needed for future attacks. While that part may be good news, knowledge that such behavior exists also presents a preview into the disturbing, continuing relationship between hacker and social networking mediums. (Source: informationweek.com)