Amazon's EC2 Server Used by Zeus Botnet

Security experts have identified Zeus botnet executing an illegal command and control channel oncloud computing infrastructure EC2 of Amazon, an application that permits users to hire computers so as to run their computer applications on that system.

Researchers from CA's Internet security business unit said that after getting foxed into installing the password-logging malware, their system started reporting for new instructions and updates to EC2.

Don DeBolt, threat research director at HCL Technologies that handles CA's security research, said for thathis issue marks the first time cloud infrastructure of Amazon Web Services has been applied to perform such an unlawful act, as per the news published by PCWorld on December 9, 2009.

However, Amazon's permission was not taken by hackers to do this. To sneak into the Amazon's infrastructure, their first step involved crumbling a website present on the Company's servers, followed by surreptitiously installing the command and control system.

As per the analysis from Dancho Danchev, a Zero Day blogger, who is an independent security consultant, it appears that cyber crooks behind Zeus have plugged into Relational Database Service of Amazon as a backup plan, if they get disconnected from their original domain, as per the news published by The Register on December 9, 2009.

According to the reports, Amazon's officials immediately disconnected the EC2 channel when they came to know about the hack.

Experts said that despite being the first publicly reported Zeus crimeware attack maltreating cloud-based services of Amazon, popular Web 2.0 services also faced similar assault. Over past few months, even Facebook, Twitter and Google's app engine's accounts have been distorted into master control channels for computers under the curse of stealthy malware.

For instance, in August 2009, security purveyor Arbor Networks identified a botnet which used Twitter for giving commands to compromised systems. Experts predict that most probably, cybercriminals will look for fresh Web services in order to accomplish their wicked motives next year.

Besides being affordable and highly available, the sites lure hackers as they don't set off alerts when compromised systems are found connecting to them.

Related article: Amazon’s Customers Latest Target for Phishers

» SPAMfighter News - 12/19/2009