No comment really
Just getting a good chuckle out of this one. After all the hype, look who really listened.
Add Amazon's EC2 to the roster of cloud-based services being exploited to do the bidding of malware gangs. Over the past few days, a new variant of the Zeus banking trojan has been spotted using the popular Amazon service as a command and control channel for infected machines. After marks get tricked into installing the …
I PMd a copy of Banker doing this three months ago -- I thought.
Turned out that it was trying to report to a URL which had been shortened using one of those tinyURL services, and that service itself was hosted on EC2. Because the firewalls were blocking the (unproxied) access to the service, I never saw where it would ultimately have gone.
It's an worthwile technique because the attackers and re-point the URL as and when they see fit.
I presume this has been investigated by competent people and they haven't made the same mistake I did....
Biting the hand that feeds IT © 1998–2021