Amazon EC2 Malware Problem

  • By theWHIR.com, July 03, 2008


By David Hamilton, theWHIR.com

July 3, 2008 -- (WEB HOST INDUSTRY REVIEW) -- Malicious spam emails allegedly sent on Amazon's Elastic Compute Cloud (aws.amazon.com/ec2) servers are making some commentators critical of the security risks that arise as the potential power of cloud computing opens up to all users, including spammers.

According to internet security firm Sophos (sophos.com) and others, spam traps found a malware campaign over the course of the weekend "using the common technique of disguising itself as an 'Important Windows Update'" that stemmed from Amazon's EC2. Websense Security Labs discovered the spam messages on Monday. Websense said the email message uses a redirect to a legitimate shopping site. The redirect then forwards users to a malicious URL offering to download an executable file. The malicious hostname is lengthy but is masked by sub-domain update.microsoft.com. The file, once opened, Websense said, will infect a user's desktop with a backdoor Trojan.
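The hostname masking Websense describes can be caught by comparing the right-most labels of a hostname with the brand it displays. The sketch below is an added example, not code from the article or from any vendor named in it; the trusted-domain list and the sample redirect chain are constructed, and a plain suffix match stands in for a full Public Suffix List lookup.

```python
from urllib.parse import urlsplit

# Assumption: brands to protect, chosen for this example.
TRUSTED_DOMAINS = ("microsoft.com", "windowsupdate.com")


def hostname_of(url):
    """Return the lower-cased hostname of a URL, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify_host(host, trusted=TRUSTED_DOMAINS):
    """Return (verdict, brand); verdict is 'trusted', 'masked' or 'unrelated'."""
    labels = host.split(".")
    # Genuine: the brand's labels are the right-most labels of the hostname.
    for brand in trusted:
        brand_labels = brand.split(".")
        if labels[-len(brand_labels):] == brand_labels:
            return ("trusted", brand)
    # Masked: the brand's labels appear only to the left of the real suffix,
    # so the brand is a sub-domain of a domain somebody else controls.
    for brand in trusted:
        brand_labels = brand.split(".")
        n = len(brand_labels)
        for i in range(len(labels) - n):
            if labels[i:i + n] == brand_labels:
                return ("masked", brand)
    return ("unrelated", None)


def first_masked_hop(chain):
    """Return (index, url, brand) of the first masked hop in a redirect chain."""
    for index, url in enumerate(chain):
        verdict, brand = classify_host(hostname_of(url))
        if verdict == "masked":
            return (index, url, brand)
    return None


# Constructed redirect chain: shopping-site redirect first, masked host second.
SAMPLE_CHAIN = [
    "http://shop.example.com/redirect?to=next",
    "http://update.microsoft.com.long-host-name.example.invalid/update.exe",
]

if __name__ == "__main__":
    print(first_masked_hop(SAMPLE_CHAIN))
```

A mail or web gateway would feed each hop of a followed redirect chain into `first_masked_hop`, since the first link in the message points at a legitimate site.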

EC2 is marketed as a way for small to mid-sized companies to access an enormously powerful array of web-hosted applications, and Washington Post computer security columnist Brian Krebs explored the implications that this holds for malicious users.

Outblaze (www.outblaze.com) head of anti-spam operations Suresh Ramasubramanian told the Post that EC2 is just another place for spammers and scammers to host their junk. Hong Kong-based Outblaze has gone so far as to list all of Amazon's EC2 Internet space on its spam blocklists.

Amazon responded that a clear acceptable use policy is in place, that all complaints of spam or malware coming through Amazon EC2 are swiftly evaluated, and that network isolation or termination is used to strictly enforce the use policy. However, some critics worry that by creating a new instance, malicious users can create new identities when their malware is found out.


Comment by Anonymous on Thursday, July 03, 2008

Hi, my quote is a bit incomplete - and the part that was left out is very relevant to establish context.

I said "with stolen credit cards" - Amazon sells a hosting service, and any hosting service is vulnerable to spammers buying service with stolen cc.

The difference here is that, as I said further on in the Wash Post article, EC2 is dynamic IP space, and we block dynamic IP space as a matter of policy.

Also as others commented in the article, Amazon might possibly benefit from some better abuse / antispam enforcement.

thanks
srs

Suresh Ramasubramanian
Head, Antispam Operations
Outblaze Limited