Security vendor blames Amazon for customer malware

Network security firm Bkav claims Amazon Web Services is responsible for data-stealing malware found in a company's cloud application.


A security vendor claims Amazon Web Services provided a cloud-computing customer with an unpatched version of Windows that resulted in a malware infection.

Bkav, a network security company based in Vietnam, started investigating the incident after the AWS customer complained that Bkav software had failed to catch the data-stealing malware.


Bkav claims that AWS, a division of e-retailer Amazon, initially handed the customer a version of Windows Server 2003 that had not been patched since October 2009. Over the last five years, 300 vulnerabilities have been reported in the operating system, according to CVE Details.

Bkav believes the OS was compromised before the customer had a chance to update the software, Ngo Tuan Anh, vice president of Internet security, wrote in the company's blog Wednesday.

Hackers continuously scan the Internet for vulnerabilities in servers, so it is possible they found the unpatched OS and infected it with malware as soon as it was turned on, Anh said.

When a company chooses Amazon's cloud-computing service, it selects a package of technologies, called an Amazon Machine Image (AMI), that is supposed to include a fully patched operating system, application server and applications. How Bkav's customer got unpatched software is not clear.

Amazon declined comment.

Bkav tested the cloud-computing services of Microsoft, Hewlett-Packard and GoGrid and claims to have found that Microsoft Azure was the only one consistently running updated versions of Windows. HP Public Cloud had some versions eight months out of date, while GoGrid had versions that had not been patched since April 2012, Bkav said.


GoGrid did not respond to a request for comment, but HP said its "cloud team closely examines our systems and sites for potential vulnerabilities, and remediates as needed."

"Also, it should be noted that HP consistently employs security controls and procedures to protect against potential attacks that target our systems and networks," the company said in a statement emailed to CSOonline.
