News

Cybercriminals using Amazon S3 to spread SpyEye toolkit

SearchCloudSecurity.com Staff

Cybercriminals are exploiting Amazon Simple Storage Service (S3) to host the SpyEye toolkit

    Requires Free Membership to View

, according to security researchers.

In a blog post late last week, Jorge Mieres, lab expert at antivirus supplier Kaspersky Lab, said cybercriminals have been using Amazon S3 heavily in the second half of July to run SpyEye activities. The SpyEye Trojan emerged in late 2009 as a competitor to the Zeus bank Trojan. Both are used to infect computers, steal credentials and ultimately drain bank accounts.

“One hurdle for these cybercriminals to abusing Amazon S3 is the creation of an Amazon Web Services (AWS) account,” Mieres wrote. “These accounts require a legitimate identity and method of payment, so it is evident criminals are using stolen data to overcome this challenge.”

Researchers at antivirus company Trend Micro have also observed Amazon S3 being used to host SpyEye. “In fact, another  colleague in my group, Ranieri Romera, recently collected approximately 22Mb of malware for analysis and detection that was hosted on AWS,” Paul Ferguson, senior threat researcher at Trend Micro, wrote in a blog post Monday.

“My advice is to avoid clicking on any suspicious link, either in an unsolicited email or an apparently benign link embedded in a webpage hosted on AWS (e.g. zx1uporn.s3.amazon.com, et al.) until this problem is resolved,” he added. “We have recently seen about 30-50 various subdomains and specific URLs created on AWS which appear to harbor malicious content.”

The trend of criminals exploiting cloud storage services is expanding, according to Mieres. “This trend clearly represents a critical point for online storage services and requires special treatment,” he wrote.

Both Kaspersky and Trend Micro said they reported their findings to the security teams at Amazon Web Services.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: