Related Links

Top 5 Stories


Amazon cloud resource tapped for botnet command and control service

11 December 2009

A subscriber to the Amazon pay-as-you-use EC2 cloud computing has had their website hacked, and a command and control (C&C) system installed for the Zeus botnet, which continues to be a problem for PC users, despite the worm being almost two and a half years old.

According to a security posting by Computer Associates (CA), which spotted the botnet C&C service running on the Amazon cloud earlier this week, this is the first time that a cloud infrastructure has been misused in this way.

Back in August of this year, Infosecurity noted that the Twitter social networking service was found to be acting as a C&C server, but this latest botnet C&C installation marks a seachange in the way hackers are exploiting web 2.0 and allied services .

According to CA, the hackers appear to have cracked a website operated by a company that hosts on the Amazon cloud servers and then secretly installing their C&C server software.

Peter Wood, chief of operations at First Base Technologies, the penetration testing company, told Infosecurity that he views this hacker development as very serious.

"It represents another step in the development of criminal hacking techniques. The problem is that we are now likely to see similar hacks on cloud computing taking place, now that hackers know that this technique can be used successfully", he said.

This article is featured in:
Application Security  •  Malware and Hardware Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×