Kaspersky: Cyber criminals hide in Amazon S3
The security firm claims internet crooks are using Amazon’s storage service to spread the SpyEye Trojan.
Amazon’s cloud storage offering is being used as a hiding place for cyber criminals spreading the infamous SpyEye Trojan, according to a number of security firms.
The first to make the claim was Russian company Kaspersky. On its SecureList blog, Jorge Mieres, one of the firm’s lab experts, claimed malware spreaders were using Amazon’s S3 (Simple Storage Service) product to maintain and distribute the Trojan, with activity ramping up.
“The truth is that these cases are not isolated,” he wrote. “According to our research, cyber criminals have been running SpyEye activities from Amazon for the past couple of weeks.”
Although the industry often assumes only free cloud services will be used for malware purposes, Mieres claimed the money was “not an obstacle for profitable attackers.”
To sign up to something like Amazon Web Services (AWS), the perpetrators would require a true identity and payment method, but Mieres said this was just further evidence of stolen data being abused.
“As I mentioned earlier, there are isolated cases, but the tendency to exploit services like cloud storage is in full expansion,” he added.
“This trend clearly represents a critical point for online storage services and requires special treatment.”
Cloud Pro Newsletter
Stay up to date with the latest news and analysis from the world of cloud computing with our twice-weekly newsletter
Yesterday, Trend Micro agreed with Kaspersky that AWS was being abused to spread SpyEye.
“In fact, another colleague in my group, Ranieri Romera, recently collected approximately 22Mb of malware for analysis and detection that was hosted on AWS,” wrote Paul Ferguson, senior threat researcher at Trend, on the firm’s malware blog.
Both security companies reported their research findings to Amazon but the cloud giant had not responded to Cloud Pro’s request for comment at the time of publication.
SpyEye has attracted a lot of attention over the past few months and the UK’s Serious Organised Crime Agency (SOCA) has even teamed up with Virgin Media in an attempt to stop the spread.
Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.
Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.