CNET.com reports:
"On Wednesday, security researchers for CA found that a variant of the infamous password-stealing Zeus banking Trojan had infected client computers after hackers were able to compromise a site on EC2 and use it as their own C&C (command and control) operation.
Don DeBolt, Director of Threat Research for CA Internet Security Business Unit, told CNET that the botnet first came to light while his firm was reviewing spam and found one with a URL for a piece of malware called xmas2.exe, described in a blog. After examining the file, DeBolt discovered it was a variant of the Zeus bot that was calling home to a computer inside Amazon Web Services, which houses EC2.
As a keylogger, Zeus is known to specifically capture bank account information, noted DeBolt, and was trying to perform the same crime in this case. The bot was also attempting to report the IP addresses of any clients that were infected via spam. The cybercrooks reportedly snuck their way into EC2 by gaining access through a site hosted on Amazon's service." [more]
posted by: gqpartner
Comments