The folks who run Amazon's EC2 cloud service must be happy the week is nearly over.
The cloud-based EC2 (Elastic Compute Cloud) was kept jumping this past week by two incidents: a compromised internal service that triggered a botnet, and a data center power failure in Virginia.
On Wednesday, security researchers for CA found that a variant of the infamous password-stealing Zeus banking Trojan had infected client computers after hackers were able to compromise a site on EC2 and use it as their own C&C (command and control) operation.
Don DeBolt, Director of Threat Research for CA Internet Security Business Unit, told CNET that the botnet first came to light while his firm was reviewing spam and found one with a URL for a piece of malware called xmas2.exe, described in a blog. After examining the file, DeBolt discovered it was a variant of the Zeus bot that was calling home to a computer inside Amazon Web Services, which houses EC2.
As a keylogger, Zeus is known to specifically capture bank account information, noted DeBolt, and was trying to perform the same crime in this case. The bot was also attempting to report the IP addresses of any clients that were infected via spam. The cybercrooks reportedly snuck their way into EC2 by gaining access through a site hosted on Amazon's service.
Once the bot was discovered, DeBolt and his team contacted Amazon to provide all the information from their client-based analysis. Since then, the files that were serving up the botnet on Amazon's side are no longer active.… Read more