Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Cloud Crime IT

Attackers Install DDoS Bots On Amazon Cloud 25

itwbennett (1594911) writes "Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers. Last week security researchers from Kaspersky Lab found new variants of Mayday, a Trojan program for Linux that's used to launch distributed denial-of-service (DDoS) attacks. The malware supports several DDoS techniques, including DNS amplification. One of the new Mayday variants was found running on compromised Amazon EC2 server instances, but this is not the only platform being misused, said Kaspersky Lab researcher Kurt Baumgartner Friday in a blog post."
This discussion has been archived. No new comments can be posted.

Attackers Install DDoS Bots On Amazon Cloud

Comments Filter:
  • by digsbo ( 1292334 ) on Monday July 28, 2014 @10:41AM (#47550321)
    Is the AWS cloud so powerful that it can create a DDOS botnet that it cannot withstand?
    • Easiest DDOS ever: install a worm that makes the targeted site take part in a DDOS, and get disconnected as a security measure.

    • by alen ( 225700 )

      being that amazon charges you for incoming and outgoing data, i don't think they really care

  • by Joe Gillian ( 3683399 ) on Monday July 28, 2014 @10:47AM (#47550361)

    The article claims that only 1.1.x versions of Elasticsearch were vulnerable, and that the vulnerabilities were fixed in 1.2.x and 1.3.x. To me, this sounds like any company still running 1.1.x versions brought it upon themselves.

  • by houstonbofh ( 602064 ) on Monday July 28, 2014 @10:48AM (#47550367)
    But it's the cloud! I don't have to worry about things like software updates and patching!

    The more things change...
    • by Richard_at_work ( 517087 ) on Monday July 28, 2014 @10:55AM (#47550435)

      If you choose a cloud offering which does that for you then yes, you don't have to worry about things like software updates and patching.

      However, if you choose a cloud offering which is essentially a hosted server, then you still have to worry about all the things you would with your own local server, excluding power and hardware faults.

      Amazon AWS is a platform provider, its not a fully managed solution and never has been - people have been caught out by that before when availability zones failed and suddenly people realised the benefit of having redundant instances in multiple availability zones.

      • If you choose a cloud offering which does that for you then yes, you don't have to worry about things like software updates and patching.

        I would say you still have to worry about it, and verify it was done. You just do not have to actually do it...

      • by turbidostato ( 878842 ) on Monday July 28, 2014 @12:04PM (#47551023)

        "If you choose a cloud offering which does that for you then yes, you don't have to worry about things like software updates and patching."

        Well, yes, you need to worry anyway.

        If it's not done, because it's not done. But if it's done, because of what the update/patching breaks on your own apps.

    • Re: (Score:3, Funny)

      Quiet you. A few more revolutions around this sun, and we'll own this planet. We've all but convinced them that they need to move everything onto the cloud, and soon thereafter that they need to upgrade to this year's CPU: ARM (preferably v6). Those of us who are quietly stashing those gigantic x86 16-core / 4 CPU beasts that companies are throwing away because 'IT & programming are last year's business' are sitting pretty for the upset that is to come...I mean, we are looking at a "Napolean won Waterlo
  • by houstonbofh ( 602064 ) on Monday July 28, 2014 @10:52AM (#47550409)
    So a bunch of virtual machines were compromised that happened to be in one location where they looked. KILL AMAZON! Sigh...
  • by Imagix ( 695350 ) on Monday July 28, 2014 @11:23AM (#47550667)
    So why is Amazon being specifically mentioned here? What makes this specific to Amazon? Is Google Compute Engine somehow immune to this? Or Azure, or any other hosting provider? Or self-hosted? Better headline: "Servers compromised through known vulnerability, admins failed to update software to close vulnerability."
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      My guess is they just looked at a couple EC2 machines, and since no one uses Azure or Google Compute Engine, they just didn't bother following up on those and made a blanket statement that it applies to all environments (which it does). This has nothing to do with EC2, or Azure or any other environment, really. This is a vulnerability in a piece of 3rd party distributed search engine software that a bunch of people were too lazy to update.

      The real headline just doesn't perform quite as well as the clickba

  • by Anonymous Coward

    I am not paranoid in the least, but I know from experience that if you provide a reason for hackers to attack. No matter if that's a platform for sending out malware or DOS or whatever. Or if its just to mine personal information and exploit credit cards, identification and whatever else. The hackers will no doubt be trying to circumvent
    security and you know they will succeed. I don't see cloud as any more viable then saying it will never rain again and always be Sunny. We know that will never happen. The c

  • by Anonymous Coward

    This would be wittier if it was Microsoft SkyDrive, but meh.

    The cloud is failing. This is one specific instance of how virtualization's "lower costs" aren't lower at all. Somewhere along the line, the person responsible for this outsourcing to AWS, misunderstands that they are still responsible for security and maintenance, and in fact should be hiring MORE staff, not laying staff off to fake cost savings to shareholders. It will take only one really high profile AWS "destruction" and then no enterprise bus

To stay youthful, stay useful.

Working...