[ISN] Hackers find a home in Amazon's EC2 cloud

From: InfoSec News <alerts_at_private>
Date: Fri, 11 Dec 2009 04:20:37 -0600 (CST)

By Robert McMillan
IDG News Service 
December 9, 2009

Security researchers have spotted the Zeus botnet running an 
unauthorized command and control center on Amazon's EC2 cloud computing 

This marks the first time Amazon Web Services' cloud infrastructure has 
been used for this type of illegal activity, according to Don DeBolt, 
director of threat research with HCL Technologies, a contractor that 
does security research for CA. The hackers didn't do this with Amazon's 
permission, however. They got onto Amazon's infrastructure by first 
hacking into a Web site that was hosted on Amazon's servers and then 
secretly installing their command and control infrastructure.

DeBolt declined to say whose Web site was hacked to get onto Amazon's 
cloud, but the Zeus software has now been removed, he said. Zeus is a 
password-stealing botnet. Variants of this malware have been linked to 
more than US$100 million in bank fraud in the past year.

He thinks the hackers may have just stumbled on a Web site with a 
security vulnerability -- they may have hacked the site's software or 
simply stolen an administrative password from a desktop computer to get 
on the site. "I think it's more a target of opportunity than a target of 
choice," he said.


Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
Received on Fri Dec 11 2009 - 02:20:37 PST

This archive was generated by hypermail 2.2.0 : Fri Dec 11 2009 - 02:32:21 PST