Wednesday, December 9, 2009

Zeus crimeware appears to be using Amazon's EC2 as command and control server

What's happening: Security researchers have intercepted a variant of the Zeus crimeware that uses Amazon’s EC2 service for command and control of its botnet. The cybercriminals also appear to be using Amazon’s RDS managed database hosting service as an alternative control domain in case they lose access to the primary domain. ScanSafe reports that in the past 3 years it has recorded 80 unique malware incidents involving Amazon, with 45 in 2009 compared to 35 total in 2007 and 2008 combined.

What it means: This story illustrates the inherent challenge of securing the internet and with it, all the corporate and personal information in our computers and servers that is accessible via the internet. Amazon has every reason to get security perfect; yet they don't. No one can. Perfect information systems security is as impossible as perfect security of any kind. So long as we have information in our systems that someone else wants, there will be risk.

What to do: Follow the advice of Wall Street journalist Merryle Rukeyser, who said, "The secret of success lies not in avoiding risk but in managing it." (Merryle Rukeyser was the father of Wall Street Week's Louis Rukeyser and a periodic guest on the show in the 1980s.)

**********************************
Zeus crimeware using Amazon's EC2 as command and control server