A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem.
At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil. Networks of infected PCs are referred to as “botnets” and are responsible for so much of the mayhem online, from identity theft to spamming to the types of attacks that crippled Twitter.
Jose Nazario with Arbor Networks said he found a Twitter account that was used to send out what looked like garbled messages. But they were actually commands for computers in a botnet to visit malicious Web sites, where they download programs that steal banking passwords.
The affected Twitter account was taken down. Twitter didn’t immediately respond to e-mails for comment.
Nazario said what appeared to be the same person was doing the same thing on an account with a Google Inc. service called Jaiku, which is similar to Twitter.
Google said the affected account was shut down.