Title :
Outsourcing Malicious Infrastructure to the Cloud
Author :
Kontaxis, Georgios ; Polakis, Iasonas ; Ioannidis, Sotiris
Author_Institution :
Inst. of Comput. Sci., Found. for Res. & Technol. Hellas, Patras, Greece
Abstract :
Malicious activities, such as running botnets, phishing sites or key loggers, require an underlying infrastructure for carrying out vital operations like hosting coordination mechanisms or storing stolen information. In the past, attackers have used their own resources or compromised machines. In this paper, we discuss the emerging practice of attackers outsourcing their malicious infrastructure to the Cloud. We present our findings from the study of the first major key logger that has employed Paste bin for storing stolen information. Furthermore, we outline the traits and features of Cloud services in facilitating malicious activities. Finally, we discuss how the nature of the Cloud may shape future security monitoring and enhance defenses against such practices.
Keywords :
cloud computing; security of data; cloud services; malicious activities; malicious infrastructure outsourcing; Cloud computing; Google; IP networks; Malware; Monitoring; Outsourcing;
Conference_Titel :
SysSec Workshop (SysSec), 2011 First
Conference_Location :
Amsterdam
Print_ISBN :
978-1-4577-1528-0
DOI :
10.1109/SysSec.2011.25