Hackers infiltrate Amazon Cloud

Posted by Aharon Etengoff

A security researcher recently identified a Zeus bot (Zbot) variant exploiting Amazon EC2's cloud-based services for its command and control operations.

"This notable scheme is a highlight from the latest spammed executable 'xmas2.exe' (63,488 bytes), for which we have recently published a blog [post] titled 'Christmas is knocking on the door, so does the malware,'" confirmed CA's Methusela Cebrian Ferrer.

"The Zeus bot variant injects code into the system processes (such as svchost.exe) and connects to its cloud-server for configuration (config.bin) of the master for its criminal activity."

Ferrer explained that the enigmatic cyber gang designed the bot to steal personal information and money from unsuspecting victims. 

"In this variant, we have learned how cloud on-demand (pay-as-you-use) offerings could be used to fuel such online cyber-crimes."

CA contacted the (legitimate) hacked website about the Zeus bot, and the site immediately stopped serving the malicious variant. CA also reported the security breach to Amazon Web Services.
