Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hackers Find Home In Amazon EC2 Cloud

CmdrTaco posted more than 4 years ago | from the don't-mind-us dept.

Security 89

snydeq writes "Security researchers have spotted the Zeus botnet running an unauthorized command and control center on Amazon's EC2 cloud computing infrastructure. This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity, according to threat researcher Don DeBolt. The hackers got onto Amazon's infrastructure by hacking into a Web site hosted on Amazon's servers and then secretly installing their command and control infrastructure."

cancel ×

89 comments

Sorry! There are no comments related to the filter you selected.

If anything... (5, Funny)

iamapizza (1312801) | more than 4 years ago | (#30390610)

This is going to Kindle a debate about the merits and demerits of the cloud.

Re:If anything... (1)

CRiMSON (3495) | more than 4 years ago | (#30390660)

*groan*

Re:If anything... (1, Informative)

Anonymous Coward | more than 4 years ago | (#30390704)

And the security of Linux... You see , Amazon uses Apache + Linux in their cloud computing system, so the zealots have told me that such an attack is in fact impossible ;--)

Re:If anything... (0)

Anonymous Coward | more than 4 years ago | (#30390750)

Did you believe them?

Re:If anything... (1)

isama (1537121) | more than 4 years ago | (#30390766)

apache was once great, but now it has a lot of leaks. if you want secure you should use nginx

Re:If anything... (0)

Anonymous Coward | more than 4 years ago | (#30396708)

apache was once great, but now it has a lot of leaks. if you want secure you should use nginx

bahahahahahahhhahha!!!!1!! Seriously? That useless piece of shit?

Re:If anything... (1)

noric (1203882) | more than 4 years ago | (#30391386)

EC2 instances will run Windows.

Re:If anything... (0)

Anonymous Coward | more than 4 years ago | (#30391436)

And the relevance of that is what? The servers themselves that were hacked run Linux and apache.

Re:If anything... (0)

Anonymous Coward | more than 4 years ago | (#30391636)

In all fairness, its only systems that have been properly configured should be considered bullet-proof (including removing the plug from the wall).

Re:If anything... (1)

Necrobruiser (611198) | more than 4 years ago | (#30391836)

Bulletproof? Dang. I forgot to protect my servers from hackers with guns....

Re:If anything... (0)

Anonymous Coward | more than 4 years ago | (#30392842)

Yes, of course it has nothing to do with the code that was created by a 3rd party and was running on these servers. Nope, no way!

Re:If anything... (1)

default luser (529332) | more than 4 years ago | (#30390720)

Well, it looks like I've been doing it wrong all this time. I've been trying to hack the cloud with an axe.

I just keep whiffing.

Re:If anything... (-1, Troll)

Anonymous Coward | more than 4 years ago | (#30391300)

That was you? Jesus, it smells like rotten eggs. Seriously dude, you should adjust your diet or have your ass checked for cancer or something. That stench is unbearable.

Re:If anything... (0)

Anonymous Coward | more than 4 years ago | (#30392900)

I lolled. Whiffing.

Re:If anything... (3, Interesting)

hesaigo999ca (786966) | more than 4 years ago | (#30390914)

Not really, as everyone knows you have hotmail and gmail accounts that have commands updated each week for certain other types of botnet, so is that to spark a debate about whether or not we should allow hotmail or gmail, certainly not, however, it could go to show there should be a better security implementation on the servers hosting the clouds to quickly locate any compromised machines or code on the servers.

and we all know apache on windows is MORE secure (1)

CHRONOSS2008 (1226498) | more than 4 years ago | (#30394562)

/sarcasm

And? (4, Insightful)

Kenja (541830) | more than 4 years ago | (#30390694)

There is nothing intrinsic to a cloud of computers that makes them any different then the internet in general. Anything that makes use of unprotected computers on the internet will make use of a cloud as well. In fact, from a logical perspective, the internet is a cloud. Its just that access is generally curtailed in some way.

Re:And? (2, Insightful)

Monkeedude1212 (1560403) | more than 4 years ago | (#30391076)

In fact the internet has been represented as a cloud long before cloud became a buzzword.

Re:And? (4, Funny)

Anonymous Coward | more than 4 years ago | (#30391252)

Wait a minute. I'm a manager, and I've been reading a lot of case studies and watching a lot of webcasts about The Cloud. Based on all of this glorious marketing literature, I, as a manager, have absolutely no reason to doubt the safety of any data put in The Cloud.

The case studies all use words like "secure", "MD5", "RSS feeds" and "encryption" to describe the security of The Cloud. I don't know about you, but that sounds damn secure to me! Some Clouds even use SSL and HTTP. That's rock solid in my book.

And don't forget that you have to use Web Services to access The Cloud. Nothing is more secure than SOA and Web Services, with the exception of perhaps SaaS. But I think that Cloud Services 2.0 will combine the tiers into an MVC-compliant stack that uses SaaS to increase the security and partitioning of the data.

My main concern isn't with the security of The Cloud, but rather with getting my Indian team to learn all about it so we can deploy some first-generation The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.

Re:And? (2, Interesting)

Rycross (836649) | more than 4 years ago | (#30391498)

We need to extend Poe's Law to managerial speak.

Re:And? (0)

Anonymous Coward | more than 4 years ago | (#30391798)

You obviously know what you're talking about. Since you have been so successful at taking charge of all this technology, I have decided to promote you to VP of technology marketing with a focus on leveraging Cloud solutions. We need to start integrating this Cloud thing in all our products and you are best positioned to envision the roadmap for how to add value for our customers through next-generation Cloud solutions.

Re:And? (1)

cHiphead (17854) | more than 4 years ago | (#30391966)

I will use this verbatim at my next Technology Strategy meeting.

Re:And? (1)

CodeBuster (516420) | more than 4 years ago | (#30392296)

The Cloud applications and Web Services to provide the ultimate platform upon which we can layer our business intelligence and reporting, because there are still a few verticals that we need to leverage before we can move to The Cloud 2.0.

Bingo!

Re:And? (2, Funny)

sjames (1099) | more than 4 years ago | (#30393232)

  • Buzzword compliant: check
  • So far into the latest trend we can't even tell if it's real: check
  • Thinking so foggy that "the cloud" is spewing from your ears and covering your office floor like a bad horror film: check!

There we have it. Metrics never lie! Looks like you're on a one way trip to the executive suite!

You must be lost, sir. (1)

Divide By Zero (70303) | more than 4 years ago | (#30393734)

Jeez, boss, get off Slashdot! News for NERDS. CIO Magazine has its own site.

I know you sign my performance reviews every year, but that doesn't mean you can invade my home like this.

Re:And? (1)

JumpDrive (1437895) | more than 4 years ago | (#30395776)

Damn, you didn't miss a meeting did you?

Re:And? (1)

ihuntrocks (870257) | more than 4 years ago | (#30391616)

I'd like to second this. I'd also like to point out that this applies to security as it relates to anything (cloud computing, Linux, apache, etc). Security is not a product. Security is a process. It is incumbent on administrators and engineers to ensure that they are aware of what they are doing with their technology, and what sort of implications it may have.

It does little good to build an impenetrable vault and leave the door open all the time.

Re:And? (0)

Anonymous Coward | more than 4 years ago | (#30395956)

No, a "Cloud" is a Beowulf Cluster, you insensitive clod! I, for one welcome our hacked Beowulf Cluster overlords.

Nothing really special (5, Insightful)

Yetihehe (971185) | more than 4 years ago | (#30390718)

Hackers break into website, but it happens to be hosted on EC2. Hosting in cloud doesn't automagically make your sites more secure.

Re:Nothing really special (1)

CyprusBlue113 (1294000) | more than 4 years ago | (#30390820)

It does make it more scalable though =)

Re:Nothing really special (0)

Anonymous Coward | more than 4 years ago | (#30393682)

Your site or the botnet?

Re:Nothing really special (2, Interesting)

Monkeedude1212 (1560403) | more than 4 years ago | (#30390866)

I think the "special" part of the news is that since its being hosted on the cloud its harder to remove - since it'll be running on multiple computers capable of replicating itself across multiple machines. In order to purge it, you'd probably have to take down the entire infected cloud and clean it all seperately or at least all in synch.

Re:Nothing really special (1)

MushMouth (5650) | more than 4 years ago | (#30391216)

No, you just change your launch keys and kill the infected nodes, which can all be done in seconds.

Re:Nothing really special (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#30391692)

If it were that easy - why hasn't it been fixed? They claim they've only discovered the botnet, not removed it.

Re:Nothing really special (0)

Anonymous Coward | more than 4 years ago | (#30391998)

I can tell you as AC that it is quite easy to remove and the only reason that it hasn't been done yet is because it is the holiday season, so it entails more approval paperwork for potentially impactful changes.

Re:Nothing really special (2, Informative)

DaTroof (678806) | more than 4 years ago | (#30392146)

According to the second article [ca.com] , it has been fixed.

Please Note:The legitimate hacked website was contacted and informed about its participation in the Zeus bot activity and accordingly has stopped serving the malicious variant.

Re:Nothing really special (1)

DragonWriter (970822) | more than 4 years ago | (#30392050)

I think the "special" part of the news is that since its being hosted on the cloud its harder to remove - since it'll be running on multiple computers capable of replicating itself across multiple machines. In order to purge it, you'd probably have to take down the entire infected cloud and clean it all seperately or at least all in synch.

Or, more likely, just disable the affected virtual instances, and maybe all instances for the affected account (assuming that by violating the hosted instances security, the intruders gained full access to the account.) Only if they compromised EC2's own security to the extent of getting, essentially, administrative access to EC2, not just administrative access to a hosted instance, would the cloud itself be compromised.

Re:Nothing really special (1)

TooMuchToDo (882796) | more than 4 years ago | (#30393254)

You'd have to identify the vulnerable section of your webapp, fix the code, destroy all your EC2 instances, and then have them all start up and rebuild based on your new, secure codebase. Good times!

Re:Nothing really special (1)

nahdude812 (88157) | more than 4 years ago | (#30394542)

With EC2, you'd bring up a new node based on the clean AMI, but with a security policy which allows only your IP to talk to it (this is the default). You'd fix the vulnerability and save that instance as a new AMI.

You'd launch new instances of the clean, fixed AMI. You'd shut down the old infected instances. Done. No downtime and a complete purge.

Most of your time would be spent fixing the vulnerability, the rest of it are just standard EC2 maintenance tasks that if you're moderately savvy in the cloud would take you at most a few minutes.

Re:Nothing really special (1)

Dan541 (1032000) | more than 4 years ago | (#30395646)

Alternatively you can just terminate the instance. Far easier than disconnecting a physical machine.

Re:Nothing really special (1)

nametaken (610866) | more than 4 years ago | (#30391138)

But it does mean that Amazon can shut down the compromised instances. That's where the up's and down's come in. I'm happy if they shut someone else off. I get a big-brother feeling if they shut mine off. :)

WHAT???? (2, Insightful)

Colin Smith (2679) | more than 4 years ago | (#30392038)

Hosting in cloud doesn't automagically make your sites more secure.

You mean... I still have to have people who can "manage" my systems?

NOOOO!!!!
 

Re:WHAT???? (1)

Neuroelectronic (643221) | more than 4 years ago | (#30392110)

No, Amazon does that. You can fire those people. What you need is people who know how to build a website securely.

This type of illegal activity? (4, Insightful)

quangdog (1002624) | more than 4 years ago | (#30390736)

"This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity"

So, has it been used for other illegal things that have been reported on? Is it even possible for anyone to find out all the possible illegal uses of technolgies like cloud computing?

The "Deniable" Already Happens! (2, Insightful)

StCredZero (169093) | more than 4 years ago | (#30391354)

"This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity"

So, has it been used for other illegal things that have been reported on? Is it even possible for anyone to find out all the possible illegal uses of technolgies like cloud computing?

I'm willing to bet that folks like Apple, Google, Amazon, and Microsoft are already hiring "security consultants" to act as deniable intermediaries to other consultants using semi-legal (or flat-out illegal) means to gather information. Not only are arrangements like this being used for industrial espionage, but to gather intelligence on illegal operators who might hack into or otherwise subvert corporate resources like AWS or Google's cloud. This would just be an extension of what companies already do with "private detectives."

Someone needs to start writing novels about this!

Re:The "Deniable" Already Happens! (1)

JumpDrive (1437895) | more than 4 years ago | (#30395890)

I would, but Microsoft, Google, Yahoo, Apple all pay more than what a good novel would bring.

James Patterson

Yes. (1)

svtdragon (917476) | more than 4 years ago | (#30391566)

Is it even possible for anyone to find out all the possible illegal uses of technolgies like cloud computing?

Yes. They're exactly the same as all the possible illegal uses of any other kind of computing.

Re:This type of illegal activity? (1)

narcolepticjim (310789) | more than 4 years ago | (#30392322)

Not within the cloud itself. Incompleteness and all that.

Yes, yes it is (1)

tacokill (531275) | more than 4 years ago | (#30392460)

Is it even possible for anyone to find out all the possible illegal uses of technolgies like cloud computing?

Yes, it is possible. However, it is the same as trying to win a war against jealousy or envy.

Re:This type of illegal activity? (1)

Dan541 (1032000) | more than 4 years ago | (#30395688)

Is it even possible for anyone to find out all the possible illegal uses of technolgies like cloud computing?

Yes, because it's exactly the same as regular computing.

Ready for prime time! (5, Funny)

HaeMaker (221642) | more than 4 years ago | (#30390770)

You know, if bot net operators are trusting the EC2 cloud for their mission critical operations, it has to be ready for prime time.

This is a stunning endorsement. Amazon should send out a press release.

Not Amazon that got hacked (3, Informative)

Meshach (578918) | more than 4 years ago | (#30390798)

According to the article it was not Amazon itself that got hacked but an "unidentified website on Amazon's cloud" that got hacked. The hackers then used that website to get onto the cloud and execute code.

Re:Not Amazon that got hacked (-1, Redundant)

Anonymous Coward | more than 4 years ago | (#30391590)

Thats pretty much what the summary says too

The hackers got onto Amazon's infrastructure by hacking into a Web site hosted on Amazon's servers...

Re:Not Amazon that got hacked (2, Informative)

nacturation (646836) | more than 4 years ago | (#30392258)

According to the summary too: "The hackers got onto Amazon's infrastructure by hacking into a Web site hosted on Amazon's servers..."

No different than "a web site hosted on Rackspace's servers". I agree with the other posts that this is essentially a non-news item. So a server gets hacked. It doesn't matter that the server is in someone's basement or in a colo or a VM somewhere.

This is not new (2, Informative)

ub3r n3u7r4l1st (1388939) | more than 4 years ago | (#30390976)

If you search "Xbox Host booting" on YouTube, there are hundreds of videos showing you how to utilize the mass computing power of the cloud to knock your opponent off from a Halo 3 session and get the win.

I'm just pwning your server if that's ok... (3, Funny)

meerling (1487879) | more than 4 years ago | (#30391082)

I love that " ...then secretly installing their command and control infrastructure." statement.
When was the last time a criminal came up to your admin and said, "Hi, I'm going to install my unwanted rootkit on your server now so I can use it as a botnet."?
Yeah, it's like saying a burglar secretly robbed your house... Like he's really going to send you a postcard saying, "Tonight when you go to the movies, I'm going to pillage your apt.".

Re:I'm just pwning your server if that's ok... (0)

Anonymous Coward | more than 4 years ago | (#30391414)

What if I secretly robbed your house a few weeks ago? It's secret, because you still don't know about it.

(note: I said "what if")

Re:I'm just pwning your server if that's ok... (1)

palegray.net (1195047) | more than 4 years ago | (#30391438)

No, no! They kept it a secret from the other criminal gangs in the neighborhood, silly.

Re:I'm just pwning your server if that's ok... (5, Funny)

Monkeedude1212 (1560403) | more than 4 years ago | (#30391460)

When was the last time a criminal came up to your admin and said, "Hi, I'm going to install my unwanted rootkit on your server now so I can use it as a botnet."?

Yesterday. But since he wasn't asking a question, I couldn't say no. I advised him that his course of action was not one that I wished to occur and he politely informed me that it was "duly noted" and proceeded anyways. All in all, it was a nice verbal transaction and his posture was excellent, and I'm sure outside of his work he's a really nice guy. I wanted to ask him if he wanted to go for a couple of cold ones - but I think that might have been pushing it and didn't want to offend him.

To be honest, the thing that bugs me more than this backdoor to my machine is the regret that I never reached out to him more. A lost friendship, that will likely never have another chance at forming. Everytime that Antivirus XP pop-up comes on screen it reminds me of him. I've slowly come to realize that I am remembering him constantly, where he probably does not remember me at all. I shamefully admit that I cry myself to sleep, telling myself that one day he'll come back to me, and maybe out of remorse he'll remove the conficker and everything will be okay.

Re:I'm just pwning your server if that's ok... (1)

Stregano (1285764) | more than 4 years ago | (#30391592)

Holy crap dude. If you have gone on, I would have been hysterically laughing in my cube. We can stop the comments now, you won the thread.

Re:I'm just pwning your server if that's ok... (1)

electricbern (1222632) | more than 4 years ago | (#30392184)

You can always reconnect through Facebook.

Re:I'm just pwning your server if that's ok... (1)

sheph (955019) | more than 4 years ago | (#30392186)

What is even more humorous is that this was modded interesting.

Re:I'm just pwning your server if that's ok... (1)

gregarican (694358) | more than 4 years ago | (#30392368)

Dude stop it, you're killing me. I mean it. STOP IT, YOU'RE KILLING ME! Oyyyyy....

Re:I'm just pwning your server if that's ok... (1)

Paracelcus (151056) | more than 4 years ago | (#30392956)

Thank you, and yes I do think of you, often..

Re:I'm just pwning your server if that's ok... (0)

Anonymous Coward | more than 4 years ago | (#30394742)

What are you babbling about? Your post is unfunny and nonsensical to boot.

Re:I'm just pwning your server if that's ok... (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#30395148)

What are you babbling about? Your post is unfunny and nonsensical to boot.

Just for you, AC, I will break it down.

The parent of the thread pointed out that the line "then secretly installing their command and control infrastructure" is a little silly because no hacker would ever do it NOT in secret. He then explains similar scenarios in why it would be ridiculous if someone did.

In my post I claim that someone in fact DID perform such a ridiculous action. However, since we're being ridiculous, I thought it would be funny to kick it up a notch and make MY REACTION even MORE ridiculous.

Making yourself a target for ridicule is not anything new. If you are unable to grasp this concept I would hope that there is a reasonable explanation. Perhaps you were raised in a different culture, perhaps english isn't your native tongue so you don't quite follow the nuances of my speech. I broke up my sentences with unnecessary commas and hyphens to excentuate certain words or phrases, in order to make my post sound more like a confession or a story instead of just a post.

Also, I'm not sure if you mean nonsensical meaning that the structure of my writing doesn't make sense, or my actions don't make sense.

Because if it's my actions, that is kind of the point. The fact they DON'T make sense is funny.

Re:I'm just pwning your server if that's ok... (1)

cecom (698048) | more than 4 years ago | (#30397224)

I think yours may be the best Slashdot post ever!!!

Re:I'm just pwning your server if that's ok... (0)

Anonymous Coward | more than 4 years ago | (#30392138)

Yeah, it's like saying a burglar secretly robbed your house... Like he's really going to send you a postcard saying, "Tonight when you go to the movies, I'm going to pillage your apt.".

"Arsène Lupin, gentleman burglar, will return when the furniture is genuine."

the interesting thing is autoscaling and billing (4, Interesting)

noric (1203882) | more than 4 years ago | (#30391428)

The interesting thing about this case, to me, is that Amazon's lawful customer will receive a bill in the mail for hacker usage charges.

Re:the interesting thing is autoscaling and billin (0)

Anonymous Coward | more than 4 years ago | (#30392162)

How is the billing issue different?

Most hosting services are prepaid. Should customers of a $30 VPS hosting plan also receive credit when a hacker exploits a poorly coded PHP file and uses resources of their VPS? Very similar scenario.

The real story here is not that it was on EC2. The resource suggests this is the first time EC2 has been used for such a purpose....... but EC2 instances have been compromised before -- as everyone else has already posted, all servers will have these vulnerabilities.

Re:the interesting thing is autoscaling and billin (1)

bangzilla (534214) | more than 4 years ago | (#30395138)

Which is no different than any system that gets hacked/taken over. There is a cost associated with the intrusions *somewhere* along the way. It may be a 3rd party hosting charge, bandwidth or just your time (which may be considerable) in repairing graffiti, clearing your good name etc.

Well, at least it isnt IRC... (0)

Anonymous Coward | more than 4 years ago | (#30391536)

...since we all know IRC is where hackers go to talk when they don't want to be overheard.

IIS (0)

Anonymous Coward | more than 4 years ago | (#30391660)

That's what they get for using windows. Every windows box in existence has been compromised seconds after hooking it up to the internet

Used to inflate ratings? (1)

athowell (1459491) | more than 4 years ago | (#30392298)

I bet someone was using it to buff their ratings!

thundercloud tag (0, Offtopic)

Luyseyal (3154) | more than 4 years ago | (#30392456)

Thundercloud... subs [thundercloud.com] ?

-l

Brute Force ssh attacks from Amazon (3, Interesting)

peterthomas2009 (1599563) | more than 4 years ago | (#30394214)

"This marks the first time Amazon Web Services' cloud infrastructure has been used for this type of illegal activity"

I posted to my blog back in June that Amazon cloud nodes were compromised and performing brute force SSH scans against some of my hosts.

This story and my post merely highlight the obvious fact that most cloud services are just scalable hosting. Remember your instance / slice / vm can be compromised like any other web host.

Amazon Cloud Service Brute Force Attacks [hackertarget.com]

This is new? (1)

digitalgimpus (468277) | more than 4 years ago | (#30394612)

Is this new? Various AWS based IP's have been trying to hookup with my server by fondling it's SSH port for a while now. Damn AWS perverts. Can't keep their sockets and packets to themselves.

I'm (still) seeing penetration attempts (1)

david.emery (127135) | more than 4 years ago | (#30394802)

I'm seeing attempts to access a bunch of non-existent but suspicious files on my server (most recent at 12:32 EST today)

mydomain.com/
      install.txt , cart, zencart, zen-cart, zen, shop, bulk, zcart, shop2, catalog, mobile, iphone, mobi, m, boutique, cart, store

None of these things exist on my server, and it -might be the case- that a legitimate web crawler would look for mobile web customizations in mobile, mobi, iphone or even m, the rest of these make absolutely no sense for anything other than nefarious purposes...

I'm also seeing attacks against
        phpMyAdmin, phpmyadmin, mysql, ok.txt

(There are some significant advantages to running a "dumb" webserver without ASP, PHP, JSP, etc :-)

I need to figure out a way to have a 'blacklist file', such that any attempt to access these files adds the requester to a blacklist.

Re:I'm (still) seeing penetration attempts (1)

peterthomas2009 (1599563) | more than 4 years ago | (#30394920)

Have a look at OSSEC [ossec.net] with active response.

Re:I'm (still) seeing penetration attempts (1)

Slashcrap (869349) | more than 4 years ago | (#30399474)

(There are some significant advantages to running a "dumb" webserver without ASP, PHP, JSP, etc :-)

I need to figure out a way to have a 'blacklist file', such that any attempt to access these files adds the requester to a blacklist.

Get a less dumb webserver?

Re:I'm (still) seeing penetration attempts (0)

Anonymous Coward | more than 4 years ago | (#30410430)

you can use psad [sourceforge.net] to blacklist people making bogus requests

Cloud bot (1)

nurb432 (527695) | more than 4 years ago | (#30394888)

err wait...

Hackers^H^H^H^H^H^H^HCrackers Find Home In Amazon (0)

Anonymous Coward | more than 4 years ago | (#30397554)

Crackers, not Hackers

Re:Hackers^H^H^H^H^H^H^HCrackers Find Home In Amaz (1)

Tim C (15259) | more than 4 years ago | (#30403002)

You've lost that argument, you might as well give it up.

Also, ^W (delete word) not ^H^H^H^H^H^H^H.

Ummm.. did I miss the news portion of this? (1)

thePowerOfGrayskull (905905) | more than 4 years ago | (#30397810)

VMs have been compromised through some exploit that has nothing to do with Amazon. The exploit allowed C&C component of a botnet to lodge itself into the hosting machine(s). And ... it's news because Amazon is hosting? The machines are only as secure as the images provided to Amazon, are they not?

Honeypot attacked over 2 years ago by EC2 Instance (0)

Anonymous Coward | more than 4 years ago | (#30398640)

I had an astrix server honeypot being actively attacked and then compromised by Amazon EC2 instances. After making a bunch of calls to Amazon, it was confirmed that the instance had been compromised and the admins had been contacted. This was two years ago!

Let me see if I can find those emails...

You must be lost, sir. (1)

clint999 (1277046) | more than 4 years ago | (#30400288)

Dude stop it, you're killing me. I mean it. STOP IT, YOU'RE KILLING ME! Oyyyyy....

Whai I got back from Amazon... (1)

david.emery (127135) | more than 4 years ago | (#30400960)

Hello from Amazon.com.

We're sorry to hear you've experienced issues with the malware/penetration attempts coming from Amazon cloud computing servers.

The symptoms you've reported are consistent with malicious software (malware), such as a virus or spyware, installed on your computer. If your computer has been infected with this type of software, it can replace images in the Amazon.com advertisement slots or generate pop-up ads with images that are not intentionally inserted by Amazon or our advertising partners.

followed by a bunch of stuff relevant to delousing Windows desktops...

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?