Amazon is a hornet’s nest of malware

January 16

(Rick Wilking/Reuters)

Amazon's cloud computing service plays host to some of the most prolific malware distributors on the Internet, security researchers have discovered.

Of the 10 sites that pump out malware most frequently, four are hosted on Amazon Web Services (AWS) — including the number one site, download-instantly.com, according to a threat report published Wednesday by the IT security firm Solutionary.

The report comes a week after we learned that hackers allegedly used Amazon's cloud hosting solution as a platform for a botnet that scraped personal information from potentially millions of LinkedIn subscribers.


(Solutionary)

Cloud computing is becoming an attractive way for online criminals to launch attacks against businesses and consumers because of its low cost. It allows users to instantly set up an array of virtual servers that can be ordered to perform both legitimate and abusive functions.

Together, the four Amazon-hosted sites accounted for 6 percent of all malware Solutionary found in the fourth quarter of 2013, according to the report. Amazon (whose chief executive, Jeffrey P. Bezos, owns The Washington Post) is the leading malware host among global hosting providers, followed closely by GoDaddy.

The e-commerce giant has taken an active stance on its abusive customers. In 2009, after reports surfaced of a botnet controller living on AWS, the company said it had located the offending malware and shut it down. Amazon also operates an e-mail hotline dedicated to handling reports of AWS abuse.


(Solutionary)

But that hasn't stopped cybercriminals from taking advantage of Amazon's cloud service. In a 2009 presentation at the Black Hat security conference, one consultant demonstrated how AWS's massive computing power could be used as a super-powered password cracker. A typical eight-character alphanumeric password might cost as little as $45 to crack. More recently, AWS was found to be hosting SpyEye, a trojan that let hackers gain access to the online accounts of banking customers.

Amazon has argued that it's much better to find the malware on its own systems, where it can be cordoned off and eliminated, rather than have it hosted on the servers of other, less responsive companies.

"We take security very seriously, and investigate all reported vulnerabilities," the company writes on its threat reporting page.

A spokesperson for AWS did not return a request for comment Wednesday.

Brian Fung covers technology for The Washington Post.
Comments
Show Comments
Most Read Business
Next Story
Brian Fung · January 16