Ranked as the top botnet threat by InfoWorld this summer, the atrocious Zeus botnet was discovered to have infiltrated Amazon's EC2 cloud computing service. This comes as the first successful (if we can say that) botnet infiltration in one of Amazon's cloud-based services, renowned for their safety and performance.
Don DeBolt, director of Threat Research for HCL Technologies, a security research partner for CA, revealed how this attack took place and how the botnet worked. According to Mr. DeBolt (in a statement for InfoWorld), the virus did not break into Amazon's services through any loopholes in its security service, but more likely infiltrated one of the websites hosted on Amazon's servers.
After acquiring authentication credentials from an infected computer, the virus connected to Amazon's cloud and installed a command and control infrastructure right on the client grid. Having at its disposal the advantages of a high-performance platform, the virus quickly and effectively started broadcasting commands across its network.
As security researchers Methusela Cebrian Ferrer and Rossano Ferraris noted for CA, this seemed to be somehow linked to the recent Christmas-related executables distributed through spam mail all around the Web. Running the infected file infects the reader's computer with the Zeus bot variant, which injects code into numerous system services and connects to a cloud server to configure itself with the latest commands.
While experts have linked Zeus's creators to about $100 million in fraud this year alone, this looks like the latest evolution in the botnet's constant efforts to keep itself hidden from authorities while using the latest IT innovations to scam people out of their money.
According to Mr. DeBolt, this was more of a lucky hit, and not something controlled. But judging by the success of their recent campaign, and also by the constant hunt that botnets have been under for the past few years, migrating to and targeting cloud-based hosting services seems to be a wise choice for criminals. Meanwhile, the infected website was taken down from Amazon's cloud.