Feeds

Bot herders hide master control channel in Google cloud

Google AppEngine co-opted

Securing Web Applications Made Simple and Scalable

Cyber criminals' love affair with cloud computing just got steamier with the discovery that Google's AppEngine was tapped to act as the master control channel that feeds commands to large networks of infected computers.

The custom application was used to relay download commands to PCs that had already been infected and made part of a botnet, said Jose Nazario, the manager of security research at Arbor Networks. Google shut down the rogue app shortly after being notified of it.

The discovery is the latest to highlight bot herders' growing embrace of the cloud, in which applications and data are hosted on large, publicly available servers instead of stand-alone machines. Last Friday, researchers from Symantec found a Facebook account pumping commands to zombie drones. And in August, Nazario found several Twitter accounts that were doing much the same thing.

Also on Monday, researchers from anti-virus provider Trend Micro reported that the massive Koobface botnet was abusing Google Reader to spam malicious links to Facebook and other social networking sites.

Black hat hackers are being drawn to the cloud by many of the same benefits attracting everyone else, namely cheap and scalable processing exactly when it's needed. But they also like the anonymity and obscurity that come from using many such services.

"It's the low cost, it's the high availability," Nazario told The Reg. "And the security measures in place for most of these things are retroactive, meaning it takes somebody to identify and investigate and take them down. You're really free to swim in the huge flood of user generated content, as long as you don't stick out too much."

Google's AppEngine provides a framework for running custom applications that can handle requests from millions of computers. The app spotted by Nazario appeared to recycle code from Grey Pigeon and Hupigon toolkits available in the attacker underground.

Infected PCs that checked in with the malicious app were instructed to download the PCClient backdoor from a third-party server. Because the channel software was hosted on the heavily fortified Google, he was unable to get his hands on the source code itself or to observe other commands it may have carried out.

And that may be another reason why black hats are flocking to the cloud.

"Going to a company as big as Google and saying 'Can we get an image of that server,' that's a pretty high barrier," he said. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.