Security researcher spots Amazon Web Services hosting Brazilian malware

07 June 2011

Kaspersky Lab claims to have discovered Brazilian banking malware hosted on the Amazon Web Services (AWS) cloud computing platform. Whilst this is not unknown, the company also claims that Amazon has not responded to its reports about the darkware.

According to Dmitry Bestuzhev, the malware's installation code is being distributed on the AWS platform as a screen-saver file that, when it is executed, installs a rootkit that blocks several IT security applications from running.

"The evidence indicates that the criminals behind the attack are from Brazil and they used several previously registered accounts to launch the infection", he says in his security blog.

"Unfortunately after my formal complaints to Amazon, and waiting more than 12 hours, all malicious links are still online and active. It's worth mentioning that more and more criminals use legitimate cloud services for malicious purposes", he adds.

Bestuzhev goes on to say that he hopes that all the malicious links will be deactivated by Amazon soon.

"I believe legitimate cloud services will continue to be used by criminals for different kinds of cyber-attacks. Cloud providers should start thinking about better monitoring systems and expanding security teams in order to cut down on malware attacks enabled and launched from their cloud", he says.

According to Lucian Constantin of the Softpedia newswire, meanwhile, the Brazilian malware disables a browser security add-on called GBPlugin, which is commonly distributed by Brazilian banks to their customers.

"The malware is designed to steal financial information from nine Brazilian banks and two international ones, login credentials for Microsoft's Live Messenger and digital certificates used by eTokens", says the newswire.

The newswire adds that Brazilian banking malware has been increasing in sophistication during recent months.

As reported by Infosecurity last month, Kaspersky's security researcher Fabio Assolini revealed that his research team has already detected the first rootkit banker created to infect 64-bit systems.

The malware, he said in his blog, was detected in a drive-by-download attack made by Brazilian cybercriminals.

"We found a malicious Java applet inserted in a popular Brazilian website. The attack was made using a malicious applet in such a way as to infect users running old versions of the JRE (Java Runtime Environment) and was prepared to infect users running versions of both 32 and 64 bits systems", he said.
