Bot herders turn to the cloud for command-and-control

// November 10th, 2009 // Tech News

On Monday, the security blog at Arbor Networks reported finding a bit of malware that checked in with a remote account to download some URLs. On its own, this is hardly a newsworthy event; botnets have used all sorts of communications protocols to receive updated code and information. What makes this discovery distinct is that the code feeding URLs to the botnet was running on Google’s AppEngine platform.

These days, malware itself tends to act a bit like a grid computing service. The actual software that compromises a user’s system tends to be fairly generic, hiding its presence and spreading where possible, but not actually doing much until activated. Once activated, the compromised machines use whatever resources are at their disposal to carry out whatever task they are ordered to perform. Those orders, which are spread through just about every Internet protocol imaginable—from HTTP to IRC—provide things like the body of a message to spam or a series of addresses to target with a denial of service attack.
