Comments for Bot Herders Used Google App Engine To Spread Malware

Bot Herders Used Google App Engine To Spread Malware

2009-11-10T04:24:03Z

Google has confirmed news today that bot herders used Google App Engine to feed commands to networks of infected computers. According to Arbor Networks, the bot herd was discovered over the weekend. After being notified of the attack, Google quickly shut down the infected app engine.

Also on Monday, the Koobface botnet was attacking Google Reader to send malicious links through Twitter, Facebook and other social networks.

The breach is another sign that black hatters are taking a much keener interest in the cloud infrastructure for making attacks. And even Google is at risk.

]]> Here's the news of today's attack, showing in some respects the depth of the breach and the reaction it caused. It's an interesting look at the importance of knowing when an attack actually happens and then how to respond.

Bot herders are a nasty lot. They infect people's computers, turning them into nodes on a zombie network. The network can then be used to serve malware for all kinds of purposes such as for stealing password information from Twitter and Facebook and then using that information to commit fraud such as depleting bank accounts.

In this attack on Google App Engine, a url for downloading an infected application went across the network. This allowed the bots to feed commands to infect more computers and make them part of the network, too.

Update: A statement from Google App Engine about the incident:

"Google actively works to protect our users from malware. Using Google App Engine, or any of our products, for distribution or coordination of malware is a violation of our product policies, and we will disable any App Engine applications discovered to be used for these purposes."

Comment from Used Engines on 2011-04-07

2011-04-07T14:42:01Z

HI,

Its really so interesting news guys that Bot Herders used Google app engine to spread Malware, great work guys so impressive.

Thanks for it.

Comment from drjackworendАя on 2010-12-12

2010-12-13T03:30:39Z

Hi guys! I'm new here and so far I'm really happy that you have such a great place where to share your information :) Let me introduce myself: I'm a doctor and also sometimes work as a fitness instructor. I have a great experience about health, how the muscles work properly and how to lose weight without wasting a time which these days is very, very valuable. Just for those who are interested: If you want to find one of the best methods how to lose your weight and build your muscles quickly without wasting time and also without using any unhealthy products then you can read my articles on my blog: http://health.emptylimits.com - don't worry, it's totally for free ;) Please, don't consider this as spam! All I want is to share my knowledge to people who really need it. If you have any questions then you can feel free to send me message or contact me by e-mail, I will be greatful to help! I wish you healthy health! - Dr. Jack Worender

Comment from erotic shop on 2010-11-09

2010-11-09T11:03:53Z

Wow....not even Google is safe. People, I among them, tend to think that Google is bulletproof in this regard but this proves otherwise. I actually know very little about the GAE, so I don't really get how they used this to push malware through. Still, I am sure Google closed up the hole with little delay

Comment from Cep telefonu on 2010-08-11

2010-08-11T22:14:06Z

Now the virus is everywhere, using a variety of services and software, Google can not avoid.

Comment from Kontör on 2010-08-11

2010-08-11T22:13:06Z

Hey Alex thank you so much for sharing this interesting article with us, nice information.. This is really very helpful for me, as Bot Herders do i'll also try & use the Google Apps To Spread Malware..

Comment from seks shop on 2010-08-11

2010-08-11T22:11:38Z

The breach is another sign that black hatters are taking a much keener interest in the cloud infrastructure for making attacks. And even Google is at risk.

Comment from Turkcell kontör on 2010-08-11

2010-08-11T22:10:30Z

Google actively works to protect our users from malware. Using Google App Engine, or any of our products, for distribution or coordination of malware is a violation of our product policies, and we will disable any App Engine applications discovered to be used for these purposes

Comment from erotik shop on 2010-08-11

2010-08-11T22:09:08Z

Comment from Avea kontör on 2010-08-11

2010-08-11T22:07:43Z

Here's the news of today's attack, showing in some respects the depth of the breach and the reaction it caused. It's an interesting look at the importance of knowing when an attack actually happens and then how to respond.

Comment from sex shop on 2010-08-11

2010-08-11T22:06:37Z

The breach is another sign that black hatters are taking a much keener interest in the cloud infrastructure for making attacks. And even Google is at risk.

Comment from Vodafone kontör on 2010-08-11

2010-08-11T22:05:35Z

Also on Monday, the Koobface botnet was attacking Google Reader to send malicious links through Twitter, Facebook and other social networks.

Comment from sex shop on 2010-07-26

2010-07-26T16:41:46Z

One of the most exciting parts of the Amazon Web Services in my humble opinion is the linking of Alexa data. Alexa contains information about the ranking, traffic and demographics

Comment from sesli chat on 2010-05-11

2010-05-12T02:22:55Z

this is why cloud computing is stupid; this and a couple of other reasons. if you're a real company, and have real intellectual property, and use cloud, you're a tard

Comment from sex shop on 2010-04-13

2010-04-13T10:49:46Z

It just shows how aggressive these guys are getting to make money. Malware authors are always looking for new vectors to try to infect machines. This is why we preach so much about keeping machines patched, and security software up to date and running. Users have a lesser chance of becoming part of the problem

Comment from Pigeon Whole on 2010-03-27

2010-03-28T02:43:04Z

Hey all us bot builders aren't bad guys lol.

I really don't trust the idea of cloud computing, right now physical security of data is our last line of defense & I really don't want to give that up.

Comment from Laura on 2010-01-21

2010-01-21T15:40:41Z

Comment from MT on 2009-11-12

2009-11-13T03:03:03Z

so the question is: what is it that they (Google) are going to do about it. Offer any suggestions or give us rigths to free program to use?

Comment from lemon obrien on 2009-11-10

2009-11-10T21:07:53Z

this is why cloud computing is stupid; this and a couple of other reasons. if you're a real company, and have real intellectual property, and use cloud, you're a tard.

Comment from Chris Hinkle on 2009-11-10

2009-11-10T18:23:57Z

This article should probably make an attempt to distinguish the too Google offerings, Google App Engine and Google Apps. The former was the compromised service, according the register, the latter is an enterprise email, calendar offering, and was not involved.

Comment from Beth Jones on 2009-11-10

2009-11-10T13:35:13Z

Beth Jones, SophosLabs

Comment from champions online resources on 2009-11-10

2009-11-10T10:33:28Z

Now the virus is everywhere, using a variety of services and software, Google can not avoid.

Comment from clavier on 2009-11-09

2009-11-10T06:58:01Z