Related Links

  • Kaspersky Lab
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Top 5 Stories


Security researcher spots Amazon Web Services hosting Brazilian malware

07 June 2011

Kaspersky Lab claims to have discovered the Amazon Web Services (AWS) cloud computing resource hosting Brazilian banking malware and, whilst this is not unknown, it also claims that Amazon has not responded to its reports about the darkware.

According to Dmitry Bestuzhev, the malware's installation code is being distributed on the AWS platform as a screen-saver file that, when it is executed, installs a rootkit that blocks several IT security applications from running.

"The evidence indicates that the criminals behind the attack are from Brazil and they used several previously registered accounts to launch the infection", he says in his security blog.

"Unfortunately after my formal complaints to Amazon, and waiting more than 12 hours, all malicious links are still online and active. It's worth mentioning that more and more criminals use legitimate cloud services for malicious purposes", he adds.

Bestuzhev goes on to say that he hopes that all the malicious links will be deactivated by Amazon soon.

"I believe legitimate cloud services will continue to be used by criminals for different kinds of cyber-attacks. Cloud providers should start thinking about better monitoring systems and expanding security teams in order to cut down on malware attacks enabled and launched from their cloud", he says.

According to Lucian Constantin of the Softpedia newswire, meanwhile, the Brazilian malware disables a browser security add-on called GBPlugin, which is commonly distributed by Brazilian banks to their customers.

"The malware is designed to steal financial information from nine Brazilian banks and two international ones, login credentials for Microsoft's Live Messenger and digital certificates used by eTokens", says the newswire.

The newswire adds that Brazilian banking malware has been increasing in sophistication during recent months.

As reported by Infosecurity last month, Kaspersky's security researcher Fabio Assolini revealed that his research team has already detected the first rootkit banker created to infect 64-bit systems.

The malware, he said in his blog, was detected in a drive-by-download attack made by Brazilian cybercriminals.

"We found a malicious Java applet inserted in a popular Brazilian website. The attack was made using a malicious applet in such a way as to infect users running old versions of the JRE (Java Runtime Environment) and was prepared to infect users running versions of both 32 and 64 bits systems", he said.

This article is featured in:
Cloud Computing  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×