back to article Zeus bot found using Amazon's EC2 as C&C server

Add Amazon's EC2 to the roster of cloud-based services being exploited to do the bidding of malware gangs. Over the past few days, a new variant of the Zeus banking trojan has been spotted using the popular Amazon service as a command and control channel for infected machines. After marks get tricked into installing the …

COMMENTS

This topic is closed for new posts.
  1. Geoffrey Summerhayes
    Happy

    No comment really

    Just getting a good chuckle out of this one. After all the hype, look who really listened.

  2. jon 44

    nothing new there

    ssh attacks from amazon cloud aren't unheard of, something as covert as bot c&c could run for a while without detection.

  3. Dave 52

    Am I the only one...

    ...that thought the Zeus kbot from Total Annihilation had taken over an Amazon server, and started hosting Command and Conquer games on it?

    1. Anonymous Coward
      Anonymous Coward

      Apparently not

      No, no you are not..

  4. umacf24
    Boffin

    Mistaken

    I PMd a copy of Banker doing this three months ago -- I thought.

    Turned out that it was trying to report to a URL which had been shortened using one of those tinyURL services, and that service itself was hosted on EC2. Because the firewalls were blocking the (unproxied) access to the service, I never saw where it would ultimately have gone.

    It's an worthwile technique because the attackers and re-point the URL as and when they see fit.

    I presume this has been investigated by competent people and they haven't made the same mistake I did....

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2020