A security researcher recently identified a Zeus bot (Zbot) variant exploiting Amazon EC2's cloud-based services for its command and control operations.
"This notable scheme is a highlight from the latest spammed executable 'xmas2.exe' (63,488 bytes), for which we have recently published a blog [post] titled 'Christmas is knocking on the door, so does the malware,'" confirmed CA's Methusela Cebrian Ferrer.
"The Zeus bot variant injects code into the system processes (such as svchost.exe) and connects to its cloud-server for configuration (config.bin) of the master for it's criminal activity."
Ferrer explained that the enigmatic cyber gang designed the bot to steal personal information and money from unsuspecting victims.
"In this variant, we have learned how cloud on-demand (pay-as-you-use) offerings could be used to fuel such online cyber-crimes."
It should be noted that CA contacted the (legitimate) hacked website about the Zeus bot - which immediately stopped serving the malicious variant. CA also reported the security breach to Amazon Web Service.