August 01, 2011, 2:20 PM — Gangs of botnet drivers and other cybercriminals are using Amazon's cloud platform as a distribution hub for malware and as a command-and-control mechanism for the computers their malware infects, according to reports from Kaspersky Labs.
A rootkit called SpyEye that is designed for attacks on online banking services was spotted on Amazon's cloud by Kaspersky researchers in early June. Kaspersky analyst Dmitry Bestuzhev wrote that the malware was uploaded by a gang from Brazil, which was using Amazon's infrastructure to spread the trojan and to control it.
Two days later Amazon had the links to the operation shut down.
Kaspersky posted a graph showing the consistent, heavy exploitation of Amazon cloud resources for SpyEye during the past several weeks.
In 2009 botnet drivers ran command and control on an earlier SpyEye variant from Amazon's cloud; in May, hackers attacking Sony used Amazon as a jumping-off point.
Last year Amazon servers were so heavily infected with the Zeus Trojan that Amazon had to distribute instructions to customers on how to clean Zeus, which Symantec called 'The King of Crimeware', from their virtual infrastructures.
Amazon's efforts to keep its cloud clean are largely successful, but sometimes overzealous – banning legitimate users and code due to false positive malware readings and a tendency not to investigate too much before acting.
Overall that's an indication that the cloud will be no cleaner than any other environment humans have colonized.
The potential for much greater efficiency in automated malware and cyberattacks makes the use of public clouds potentially much more dangerous than typical malware seed sites, though.