There is a new variant of the Zeus/Zbot Trojan out there that takes advantage of Amazon’s EC2 services for command and control purposes of the botnet.
CA’s threat researcher Methusela Ferrer writes that the infection process follows a well known pattern: a malicious email/ecard is received by the user – the user is tricked into clicking on a malicious URL where he is infected by the Trojan variant – once executed it communicates with it’s C&C server. The only difference is that this is the first time that the use of cloud offerings has been spotted:
It shouldn’t come as a surprise that cyber criminals are moving some of their activities “into the cloud”. Putting aside the fact of the illegal nature of their activities, they are running a business venture and – as all good enterprises should – protecting the access to their information.