Security vendor blames Amazon for customer malware

A security vendor claims Amazon Web Services provided a cloud-computing customer with an unpatched version of Windows that resulted in a malware infection.

Bkav, a network security company based in Vietnam, started investigating the incident after the AWS customer complained that Bkav software had failed to catch the data-stealing malware.

[Amazon woos enterprise with Virtual Private Cloud]

Bkav claims that AWS, a division of e-retailer Amazon, initially handed the customer a version of Windows Server 2003 that had not been patched since October 2009. Over the last five years, 300 vulnerabilities have been reported in the operating system, according to CVE Details.

Bkav believes the OS was compromised before the customer had a chance to update the software, Ngo Tuan Anh, vice president of Internet security, wrote in the company's blog Wednesday.

Hackers continuously scan the Internet for vulnerabilities in servers, so it is possible they found the unpatched OS and infected it with malware as soon as it was turned on, Anh said.

When a company chooses Amazon's cloud-computing service, it selects a package of technologies, called an Amazon Machine Image (AMI), that is suppose to include a fully patched operating system, application server and applications. How Bkav's customer got unpatched software is not clear.

Amazon declined comment.

Bkav tested the cloud-computing services of Microsoft, Hewlett-Packard and GoGrid and claims to have found that Microsoft Azure was the only one consistently running updated versions of Windows. HP Public Cloud had some versions eight months out of data, while GoGrid had versions that had not been patched since April 2012, Bkav said.

[Amazon hack highlights customer service security weakness]

GoGrid did not respond to a request for comment, but HP said its "cloud team closely examines our systems and sites for potential vulnerabilities, and remediates as needed."

"Also, it should be noted that HP consistently employs security controls and procedures to protect against potential attacks that target our systems and networks," the company said in a statement emailed to CSOonline.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags MicrosoftAmazon Web Servicesapplication securityAccess control and authenticationAmazon AWSapplication service providercloud security mistakescloud security vendorsNetworking and Internet

More about Amazon Web ServicesAmazon Web ServicesHewlett-Packard AustraliaHPMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Antone Gonsalves

Latest Videos

More videos

Blog Posts