Add Amazon's EC2 to the roster of cloud-based services being exploited to do the bidding of malware gangs. Over the past few days, a new variant of the Zeus banking trojan has been spotted using the popular Amazon service as a command and control channel for infected machines. After marks get tricked into installing the …
No comment really
Just getting a good chuckle out of this one. After all the hype, look who really listened.
nothing new there
ssh attacks from amazon cloud aren't unheard of, something as covert as bot c&c could run for a while without detection.
Am I the only one...
...that thought the Zeus kbot from Total Annihilation had taken over an Amazon server, and started hosting Command and Conquer games on it?
No, no you are not..
I PMd a copy of Banker doing this three months ago -- I thought.
Turned out that it was trying to report to a URL which had been shortened using one of those tinyURL services, and that service itself was hosted on EC2. Because the firewalls were blocking the (unproxied) access to the service, I never saw where it would ultimately have gone.
It's an worthwile technique because the attackers and re-point the URL as and when they see fit.
I presume this has been investigated by competent people and they haven't made the same mistake I did....