Zeus botnet finds hold in Amazon cloud

Sunday, December 20, 2009

The cybercriminals behind the Zeus botnet used Amazon's Elastic Compute Cloud (EC2) to host the central server used to control a portion of the compromised machines, security firm CA stated on Thursday.

The company found that infected machines would contact a server hosted in Amazon's cloud to download updates and additional functionality. The malicious software would then steal data and banking login credentials, Methusela Cebrian Ferrer, senior researcher at CA, said in a blog post.

"The group behind this criminal activity is obviously doing it for financial gain – stealing both your identity and your money," Ferrer stated. "In this variant, we have learned how cloud on-demand -- pay-as-you-use -- offerings could be used to fuel such online cybercrimes."

A number of security experts have predicted that cybercriminals will increasingly find uses for legitimate cloud services, such as Amazon's Elastic Compute Cloud (EC2) and Google's App Engine. This week, hacker Moxie Marlinspike kicked off a wireless password cracking service hosted in the cloud. The service, WPA Cracker, can compare the hash from a Wi-Fi Protected Access network against 135 million possibilities in 40 minutes.

A report from June alleged that brute-force attacks against a secure shell service were coming from Amazon's cloud service.

The command-and-control server has since been removed from Amazon's service, CA stated.


