Feeds

back to article Zeus bot found using Amazon's EC2 as C&C server

Add Amazon's EC2 to the roster of cloud-based services being exploited to do the bidding of malware gangs. Over the past few days, a new variant of the Zeus banking trojan has been spotted using the popular Amazon service as a command and control channel for infected machines. After marks get tricked into installing the …

COMMENTS

This topic is closed for new posts.
Happy

No comment really

Just getting a good chuckle out of this one. After all the hype, look who really listened.

0
0

nothing new there

ssh attacks from amazon cloud aren't unheard of, something as covert as bot c&c could run for a while without detection.

0
0

Am I the only one...

...that thought the Zeus kbot from Total Annihilation had taken over an Amazon server, and started hosting Command and Conquer games on it?

3
0
Anonymous Coward

Apparently not

No, no you are not..

0
0
Boffin

Mistaken

I PMd a copy of Banker doing this three months ago -- I thought.

Turned out that it was trying to report to a URL which had been shortened using one of those tinyURL services, and that service itself was hosted on EC2. Because the firewalls were blocking the (unproxied) access to the service, I never saw where it would ultimately have gone.

It's an worthwile technique because the attackers and re-point the URL as and when they see fit.

I presume this has been investigated by competent people and they haven't made the same mistake I did....

0
0
This topic is closed for new posts.