The Register® — Biting the hand that feeds IT


Zeus bot found using Amazon's EC2 as C&C server

Add Amazon's EC2 to the roster of cloud-based services being exploited to do the bidding of malware gangs. Over the past few days, a new variant of the Zeus banking trojan has been spotted using the popular Amazon service as a command and control channel for infected machines. After marks get tricked into installing the …

This topic is closed for new posts.

No comment really

Just getting a good chuckle out of this one. After all the hype, look who really listened.

nothing new there

SSH attacks from the Amazon cloud aren't unheard of; something as covert as bot C&C could run for a while without detection.

Am I the only one...

...that thought the Zeus kbot from Total Annihilation had taken over an Amazon server, and started hosting Command and Conquer games on it?

Apparently not

No, no you are not..


Mistaken

I PMd a copy of Banker doing this three months ago -- I thought.

Turned out that it was trying to report to a URL which had been shortened using one of those tinyURL services, and that service itself was hosted on EC2. Because the firewalls were blocking the (unproxied) access to the service, I never saw where it would ultimately have gone.

It's a worthwhile technique because the attackers can re-point the URL as and when they see fit.

I presume this has been investigated by competent people and they haven't made the same mistake I did....
