
Amazon’s EC2 service is the latest cloud-based service being exploited by the Zeus Trojan. Security researchers have discovered the Trojan is using EC2 as one of its command and control centers. PCs that have been infected with the malware and turned into zombies report to the service for updates, instructions and possibly even more malware.
“We believe this was a legitimate service that was purchased and compromised via a vulnerability” such as a weak password, Don DeBolt, CA’s director of threat research, told The Reg. “It could have been any vulnerable system on the internet.”
Other services that Zeus has been using as C&C centers include Twitter, Facebook, and Google Apps. Such sites are attractive to botnet herders because they are cheap, easily available and don’t set off any alarms or notifications when the zombies connect to them. They are also attractive because, unlike obscure Chinese or Russian domains, such popular services are unlikely ever to be blacklisted. In effect, the herders are using these services as camouflage.
Amazon shut down the infected EC2 channel after being notified, but it likely won’t keep Zeus down for long. Cybercriminals have invaded the Cloud and are here to stay.


