Tuesday, May 21, 2013

News Feed Comments
You are here: Home / News / Amazon cloud – host for financial data steal malware

Amazon cloud – host for financial data steal malware

June 7, 2011 by  
Filed under News

Leave a Comment

There were rumours going around that the Amazon cloud was the platform for the Sony hackers. Now, the same services are used for financial stealing malware programs.

The evidence indicates that the criminals behind the attack is from Brazil and used in the past several accounts registered to start the infection. Unfortunately after my formal complaints to the Amazon, and waiting more than 12 hours, every malicious links is connected and active!

Criminals are more and more legitimate use cloud services for malicious purposes. In most cases, abuse them successfully.

The malware hosted on Amazon comes with a lot of different malicious code, they all fell to victim machines and act in different ways:
Acting as a rootlet – looking and deny the normal execution of four different anti-virus and security application GBPluggin particular Called and used online banking for Brazilian banks in the country by many.
Steal of nine Brazilian International Financial Reporting and banks 2.
Microsoft Live Messenger to steal credentials.
ETokens steal digital certificates used by the system.
Stealing information on the CPU, hard drive volume number, name of the PC and so on (this information is used to Being Some banks of Latin America during the sessions of the bank entry to authenticate clients.)
Two ways to filter stolen date: via e-mail to the offender Gmail account via special php and insert the remote database.
Finally, samples malicious software is protected by law against piracy Called Enigma Protector. The criminals use to make it more difficult for analysts to reverse engineer.

All samples were detected by KAV as:
Trojan-Downloader.Win32.Murlo.lib
Trojan-PSW.Win32.MSNer.a
Trojan-Banker.Win32.Banz.iok
Trojan-Banker.Win32.Banker.blpm
Trojan-Downloader.Win32.Homa.fgx
Trojan-Banker.Win32.Banker.blbt.

I also hope that all malicious links is disabled by Amazon soon too. I think legitimate services tag will be continued criminals use for different types of cyber attacks.

Cloud providers should begin to think of better security and surveillance systems for expansion teams to reduce malicious attacks launched from outside the cloud and enabled.

Related posts:

  1. Hackers steal $150.000 with online job applications
  2. Top 10 Malware Threats reported by GFI Software for February
  3. New Malware jumps to 73,000 according to PandaLabs
  4. Criminals in the U.S. have come up with a new way to steal money from cashpoint machines (ATMs) by gluing down keys in a way that stops customers completing a transaction.
  5. Hackers steal Hotmail messages due to Web flaw

Tags: ,

Comments are closed.