Amazon cloud resource tapped for botnet command and control service

According to a security posting by Computer Associates (CA), which spotted the botnet C&C service running on the Amazon cloud earlier this week, this is the first time that a cloud infrastructure has been misused in this way.

Back in August of this year, Infosecurity noted that the Twitter social networking service was found to be acting as a C&C server, but this latest botnet C&C installation marks a seachange in the way hackers are exploiting web 2.0 and allied services .

According to CA, the hackers appear to have cracked a website operated by a company that hosts on the Amazon cloud servers and then secretly installing their C&C server software.

Peter Wood, chief of operations at First Base Technologies, the penetration testing company, told Infosecurity that he views this hacker development as very serious.

"It represents another step in the development of criminal hacking techniques. The problem is that we are now likely to see similar hacks on cloud computing taking place, now that hackers know that this technique can be used successfully", he said.

What’s Hot on Infosecurity Magazine?