Juraj Malcho, the Head of our Lab in Bratislava, reports that there have been further developments regarding the tool for creating Twitter-controlled bots described by Jorge Mieres and Sebastián Bortnik, Security Analysts at ESET Latin America, in an earlier blog at http://www.eset.com/blog/2010/05/14/botnet-for-twits-applications-for-dummies.
As more information has come in, the detection name has been changed from MSIL/Agent.NBW to MSIL/Twebot.A, in an attempt to use a name that corresponds to one used by other vendors. Unfortunately, the industry has not standardized (no change there, then) on a single name (other names being used include Troj/Tbotcfg-A and Trojan.Twitbot.A), but at least this name should (slightly) reduce potential confusion among customers and others.
It also reflects the fact that this threat now looks like a significant malware family in its own right: a major MSIL/Twebot.B variant has already crawled out from under its rock.
David Harley CISSP FBCS CITP
Research Fellow & Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter:
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Also blogging at: