Bkav Charges AWS for Malware Infection
Bkav, a Vietnamese known network security firm, asserts that AWS (Amazon Web Services) gave a cloud-computing patron an un-patched edition of Windows that caused a malware infection, reported mspnews.com on April 24, 2014.
The security firm started probing the case only after the complaint of a customer of AWS noting Bkav software had failed to grab hold of the information stealing malware.
Bkav alleges that AWS, a part of e-retailer Amazon, originally handed the customer a version of Windows Server 2003 without being fixed since October 2009. As per CVE details, 300 vulnerabilities have been reported in the operating system during the last five years.
Csoonline.com published a report on 23rd April, 2014 quoting Ngo Tuan Anh, Vice President of Internet security of Bkav as saying that Bkav thinks the OS was compromised before the patron had a option to update the software.
Anh said that hackers constantly scan the Internet for flaws in servers and so they probably discovered the un-patched OS and infected it with malware as soon as it was turned on.
Ideally, when a company chooses cloud-computing service of Amazon, it selects a package of technologies including a fully-patched OS (operating system), application server and applications. It is unclear how Bkav customer got the un-patched software.
Talkincloud.com published news on 25th April, 2014 quoting Anh as saying that 5 years are more than sufficient to expose and exploit hundreds or even thousands of flaws and the possibility of being infiltrated is certain because of high-level of net connection nowadays".
Bkav rented Amazon servers in diverse AWS regions around the world and as per the company, the flaw existed each time. Sometimes the fixes were more new, but still, many were only fixed until March-2012.
Anh added that in prior investigations, we always wondered to find that criminals were able to activate such a big number of servers for DDoS attacks while establishing phishing websites or spreading malware. The answer seems to be clear now because on an average, one-third of Internet users access an Amazon AWS cloud website once a day.
However, Amazon does not agree with investigation of Bkav and blames it for erroneous information.
» SPAMfighter News - 09-05-2014