This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity, according to Don DeBolt, director of threat research with HCL Technologies, a contractor that does security research for CA. The hackers didn't do this with Amazon's permission, however. They got onto Amazon's infrastructure by first hacking into a Web site that was hosted on Amazon's servers and then secretly installing their command and control infrastructure.
[ Get the no-nonsense explanations and advice you need to take real advantage of cloud computing in InfoWorld editors' 21-page Cloud Computing Deep Dive PDF special report. | Stay up on the cloud with InfoWorld's Cloud Computing Report newsletter. ]
DeBolt declined to say whose Web site was hacked to get onto Amazon's cloud, but the Zeus software has now been removed, he said. Zeus is a password-stealing botnet. Variants of this malware have been linked to more than $100 million in bank fraud in the past year.
He thinks the hackers may have just stumbled on a Web site with a security vulnerability -- they may have hacked the site's software or simply stolen an administrative password from a desktop computer to get on the site. "I think it's more a target of opportunity than a target of choice," he said.
In the past few years, law enforcement takedowns and bad publicity have made it harder for many criminals to host their back-end infrastructure in legitimate or even semi-legitimate datacenters, so they have moved to Web-based services. Although this didn't happen in this case, law enforcement officials worry that criminals might start using stolen credit cards to purchase cloud-based computing services from companies such as Amazon.
In August, security vendor Arbor Networks spotted a botnet that used Twitter to issue commands to hacked computers. Security experts say that criminals will probably seek out new Web services to use in 2010.