Security researchers for Amazon recently spotted the Zeus botnet running an unauthorized command and control center on the company's EC2 cloud computing infrastructure. This is the first known time that Amazon Web Services' cloud infrastructure has been used for this type of illegal activity, according to onw of the security researchers in question. The hackers reportedly got onto Amazon's infrastructure by first hacking into a Web site that Amazon's servers hosted, and then installing their command and control infrastructure stealthily.
The security company declined to say whose Web site was used to get onto Amazon's cloud, but the Zeus software has now been removed. Zeus is a password-stealing botnet. Variants of this malware have been linked to over $100 million in bank fraud in the past year.
In the past few years, law enforcement takedowns and bad publicity have made it more difficult for criminals to host their sneaky infrastructure through legitimate or even semi-legitimate datacenters, so they have been steadily moving to Web-based services. Courtesy of infoworld.com