This time the attackers use social media sites to shield their malicious activity reveals the "dark, hidden core" of cloud services.
They enlist the help from Social Sites like twitter, google-groups, and yahoo's e-mail application programming interface, to accomplish their feats.
In this case, infected computers were programmed to access social sites including Twitter, Baidu blogs, and Google Groups, where they were directed to the URL of a control server. Using the social sites allowed attackers to move their operations whenever part of their infrastructure was shut down. It also kept network administrators from becoming suspicious.
The attackers also made innovative use of Yahoo's e-mail application programming interface. Their malware instructed infected computers to connect to attackers' Yahoo mail accounts through this interface, then report on their name, operating system, and IP address. The attackers also used this connection to install additional malware on the computer, and to issue commands. This system served mainly as a backup for the attackers, in case the Web-based infrastructure was disabled.
Not only does it make it harder for administrators to see that traffic is going to the botnet, but it also makes it harder for them to stop it. Administrators generally can't blacklist a site such as Twitter or Google Groups without causing too much pain to legitimate users."
Link to Original Source