RSS Alerts

Share

More services

Related Links

Related Stories

  • Google Apps ad campaign goes global
    Google is to expand a mass-market advertising campaign for its cloud-based office software services beyond the US today.
  • Lawsuits fly over T-Mobile Sidekick cloud data loss
    T-Mobile has reportedly been hit by two class action lawsuits alleging that the cellular carrier misled consumers into believing that their data was secure after data was lost in the cloud
  • Secure cloud login technology to be unveiled next week
    California's TriCipher has announced plans to unveil its myOneLogin authentication and identification technology on day three of the Cloud SSO event in San Diego on July 29th.
  • Twitter company files leaked in Cloud Computing security failure
    Twitter has once again been hit by a lapse of security, this time with a hacker posting a set of internal company documents from the Twitter site and service, lifted from the GoogleApps online data sharing and collaboration system.
  • Forrester questions the security of cloud computing
    With the economic downturn, cloud computing is seen as a way to improve operational efficiency, reduce headcounts and help with the bottom line, but according to the report from Massachusetts-based Forrester Research on cloud computing, organisations should not jump on the ‘cloud wagon’ before considering security and privacy concerns.

Top 5 Stories

News

Google cloud platform used for botnet control

10 November 2009

Botnet controllers have been using cloud based systems such as the Google cloud platform as command and control nodes for infected PCs, said a researcher at Arbor Networks.

Arboor's manager of security research Jose Nazario found that AppEngine, a cloud based application platform operated by Google, has been used as a botnet to relay commands to infected computers.

Arbor found a malware sample over the weekend that accessed appspot.com, the domain used by the Google cloud based AppEngine, for information on URLs to download the malware.

"This was bound to happen, after all, in an environment like this where people's activities are limited by their intentions", Nazario said in a blog post.

This isn't the first time that cloud based services have been used in a botnet to control infected computers. In August, Arbor found a botnet that used micro-blogging service Twitter as its command and control structure. Status messages were updated on the rogue Twitter account telling botnet infected computers which links to contact for further downloads or commands.

Last month, Symantec researchers found a botnet using Facebook as a command and control coordinator. Trojan.Whitewell contacts the mobile version of Facebook, logs into an account page, and interprets notes left there as instructions.

Arbor contacted Google, which took down the offending AppEngine application.

This article is featured in:
Application Security  •  Internet and Network Security  •  Malware and Hardware Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions | Privacy | Website Design| Reed Exhibitions. All rights reserved. Copyright © 2013
We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×