news today that bot herders used Google App Engine to feed commands to networks of infected computers. According to Arbor Networks, the bot herd was discovered over the weekend. After being notified of the attack, Google quickly shut down the infected app engine.Google has confirmed
Also on Monday, the Koobface botnet was attacking Google Reader to send malicious links through Twitter, Facebook and other social networks.
The breach is another sign that black hatters are taking a much keener interest in the cloud infrastructure for making attacks. And even Google is at risk.
Here's the news of today's attack, showing in some respects the depth of the breach and the reaction it caused. It's an interesting look at the importance of knowing when an attack actually happens and then how to respond.
Bot herders are a nasty lot. They infect people's computers, turning them into nodes on a zombie network. The network can then be used to serve malware for all kinds of purposes such as for stealing password information from Twitter and Facebook and then using that information to commit fraud such as depleting bank accounts.
In this attack on Google App Engine, a url for downloading an infected application went across the network. This allowed the bots to feed commands to infect more computers and make them part of the network, too.
Update: A statement from Google App Engine about the incident:
"Google actively works to protect our users from malware. Using Google App Engine, or any of our products, for distribution or coordination of malware is a violation of our product policies, and we will disable any App Engine applications discovered to be used for these purposes."