Lots of malware actually uses this to communicate with infected hosts now-a-days. You see it a lot in the backdoors used for more targeted attacks.
AFAIK, going wayyy back, this strategy was first talked about by Sophsec at an infosec conference in 2006. They made a library called libomg that would log into social networks and webmail to communicate with infected bots and they had various strategies for doing so. The most hilarious was the myspace module which automatically set up networks of teen girls who chatted in uh teen-speak, which were actually hidden commands for the other bots to log in and retrieve. It was awesome.
The most hilarious was the myspace module which
automatically set up networks of teen girls
who chatted in uh teen-speak
Makes sense - teen-speak barely means anything and it's frustrating as hell to read, so normal people usually turn away before starting to see suspicious patterns.
AFAIK, going wayyy back, this strategy was first talked about by Sophsec at an infosec conference in 2006. They made a library called libomg that would log into social networks and webmail to communicate with infected bots and they had various strategies for doing so. The most hilarious was the myspace module which automatically set up networks of teen girls who chatted in uh teen-speak, which were actually hidden commands for the other bots to log in and retrieve. It was awesome.