Google cloud platform used for botnet control

Arboor's manager of security research Jose Nazario found that AppEngine, a cloud based application platform operated by Google, has been used as a botnet to relay commands to infected computers.

Arbor found a malware sample over the weekend that accessed, the domain used by the Google cloud based AppEngine, for information on URLs to download the malware.

"This was bound to happen, after all, in an environment like this where people's activities are limited by their intentions", Nazario said in a blog post.

This isn't the first time that cloud based services have been used in a botnet to control infected computers. In August, Arbor found a botnet that used micro-blogging service Twitter as its command and control structure. Status messages were updated on the rogue Twitter account telling botnet infected computers which links to contact for further downloads or commands.

Last month, Symantec researchers found a botnet using Facebook as a command and control coordinator. Trojan.Whitewell contacts the mobile version of Facebook, logs into an account page, and interprets notes left there as instructions.

Arbor contacted Google, which took down the offending AppEngine application.

What’s Hot on Infosecurity Magazine?