Bank-attack malware turns power of Amazon's cloud to the dark side, again

Brazilians, others use Amazon to distribute, control SpyEye malware


Gangs of botnet drivers and other cybercriminals are using Amazon's cloud platform as a distribution hub for malware and as a command-and-control mechanism for the computers their malware infects, according to reports from Kaspersky Labs.

A rootkit called SpyEye that is designed for attacks on online banking services was spotted on Amazon's cloud by Kaspersky researchers in early June. Kaspersky analyst Dmitry Bestuzhev wrote that the malware was uploaded by a gang from Brazil, which was using Amazon's infrastructure to spread the trojan and to control it.

Two days later Amazon had the links to the operation shut down.

As of Friday, SpyEye and the Brazilians were back, and had been for weeks, this time using Amazon's Simple Storage Service as a control mechanism.

Kaspersky posted a graph showing the consistent, heavy exploitation of Amazon cloud resources for SpyEye during the past several weeks.

It's not the first time Amazon has been used as a platform for cybercrime.

In 2009 botnet drivers ran command and control on an earlier SpyEye variant from Amazon's cloud; in May, hackers attacking Sony used Amazon as a jumping-off point.

Last year Amazon servers were so heavily infected with the Zeus Trojan that Amazon had to distribute instructions to customers on how to clean Zeus -- which Symantec called 'The King of Crimeware' -- from their virtual infrastructures.

Amazon's efforts to keep its cloud clean are largely successful, but sometimes overzealous – banning legitimate users and code due to false positive malware readings and a tendency not to investigate too much before acting.

Overall that's an indication that the cloud will be no cleaner than any other environment humans have colonized.

The potential for much greater efficiency in automated malware and cyberattacks, though, makes public clouds potentially much more dangerous than typical malware seed sites.
