There is malware in the Cloud

Posted by Trent Nouveau

Unfortunately, the scourge of malware isn't limited to terrestrial-based Windows computing.

As Vicente Diaz of Kapersky Lab notes, malware disseminators have reacted quickly in abusing the rapidly-evolving virtual infrastructure for profit.

"There are many past examples of [Cloud-based malware], such as the [exploitation] of Twitter as a botnet communication channel, [the] use of Amazon EC2 for hosting C&Cs, [and] abusing advertising channels for distributing malware," explained Diaz.

There is malware in the Cloud"[But] one [current] malware sample belongs to Trojan-Dropper.Win32.Drooptroop family, which has more than 7,000 variants. It is being distributed through an email message with a link to a Rapidshare."

According to Diaz, the malware variant was specifically designed to lure gullible users surfing during the 2010 holiday season.

"The name of the binary is gift.exe. As suspicious as it is, however, most filters fail in detecting this as malicious for two reasons: the binary is not in the body message and the domain of the URL is legitimate."

"Once the computer is infected, Drooptroop.jpa injects code into spoolsv.exe and intercepts browser's network functions, resulting in hijacking user's requests."

Diaz emphasized that surfers should be aware that malware is definitely circulating in Cloud-based environments, something which the above-mentioned Drooptroop.jpa variant clearly illustrates.

"Summing it up, the distribution was using a remote file sharing service, the malware used click fraud to monetize, [while] the rogue AV was all happening in the browser.

"However, this malware still needed to infect your [Windows] computer, so don''t forget to protect yourself," he added.