Slashdot Mirror


Attackers Install DDoS Bots On Amazon Cloud

itwbennett (1594911) writes "Attackers are exploiting a vulnerability in distributed search engine software Elasticsearch to install DDoS malware on Amazon and possibly other cloud servers. Last week security researchers from Kaspersky Lab found new variants of Mayday, a Trojan program for Linux that's used to launch distributed denial-of-service (DDoS) attacks. The malware supports several DDoS techniques, including DNS amplification. One of the new Mayday variants was found running on compromised Amazon EC2 server instances, but this is not the only platform being misused, said Kaspersky Lab researcher Kurt Baumgartner Friday in a blog post."


  1. Only a problem for unpatched systems? by timrod · Score: 4, Insightful

    The article claims that only 1.1.x versions of Elasticsearch were vulnerable, and that the vulnerabilities were fixed in 1.2.x and 1.3.x. To me, this sounds like any company still running 1.1.x versions brought it upon themselves.

  2. But it's the cloud... by houstonbofh · Score: 4, Funny

    But it's the cloud! I don't have to worry about things like software updates and patching!

    The more things change...

    1. Re:But it's the cloud... by Richard_at_work · Score: 4, Interesting

      If you choose a cloud offering which does that for you then yes, you don't have to worry about things like software updates and patching.

      However, if you choose a cloud offering which is essentially a hosted server, then you still have to worry about all the things you would with your own local server, excluding power and hardware faults.

      Amazon AWS is a platform provider, it's not a fully managed solution and never has been - people have been caught out by that before when availability zones failed and suddenly people realised the benefit of having redundant instances in multiple availability zones.

    2. Re:But it's the cloud... by DivineKnight · Score: 3, Funny

      Quiet you. A few more revolutions around this sun, and we'll own this planet. We've all but convinced them that they need to move everything onto the cloud, and soon thereafter that they need to upgrade to this year's CPU: ARM (preferably v6). Those of us who are quietly stashing those gigantic x86 16-core / 4 CPU beasts that companies are throwing away because 'IT & programming are last year's business' are sitting pretty for the upset that is to come...I mean, we are looking at a "Napoleon won Waterloo" level of misreporting style event, and it feels good.

    3. Re:But it's the cloud... by turbidostato · Score: 3, Insightful

      "If you choose a cloud offering which does that for you then yes, you don't have to worry about things like software updates and patching."

      Well, yes, you need to worry anyway.

      If it's not done, because it's not done. But if it's done, because of what the update/patching breaks on your own apps.

  3. Oh, Look! A red herring! by houstonbofh · Score: 3, Insightful

    So a bunch of virtual machines were compromised that happened to be in one location where they looked. KILL AMAZON! Sigh...

  4. Re:Oh, Look! A red herring! by i kan reed · Score: 3, Funny

    Look, slashdotters are terrified of change. If you don't like that, go somewhere else.

    Except that's changing things, so please don't; it's too scary.

  5. Stupid sensationalism by Imagix · Score: 4, Insightful

    So why is Amazon being specifically mentioned here? What makes this specific to Amazon? Is Google Compute Engine somehow immune to this? Or Azure, or any other hosting provider? Or self-hosted? Better headline: "Servers compromised through known vulnerability, admins failed to update software to close vulnerability."