A Storm Is Brewing: The Trouble of Malware in the Cloud

Malware is a significant threat for cloud hosting services, and pinpointing the attackers is tough.

When I wrote a series of articles explaining How Cloud Computing Works several years ago, the phrase “cloud computing” — the practice of storing and processing data on remote servers that can be accessed online — was just starting to catch on. More people are familiar with the term today, though many still aren't sure what it means. But for those concerned about the security of the cloud, a recent study could give us a glimpse into the future of detecting computer viruses and other malware.

First, the basics. Cloud computing isn't that mysterious — it's a relatively simple strategy. It involves networking computers, connecting the network to the internet and using those computers to provide services to people. Those services can be simple storage solutions, such as an online photo album or a filing system like Google Drive. Or they can involve leveraging the networked computers' processors to do work a personal computer couldn't handle. In any case, cloud computing can be summed up with the phrase “it's all happening on someone else's computer.”

Now for the scary stuff. Researchers at the Georgia Institute of Technology, Indiana University Bloomington and the University of California, Santa Barbara found that about 10 percent of the repositories provided by 20 major cloud hosting services, including Google and Amazon platforms, were compromised. These bad repositories, aka “Bars,” contained malware in certain “buckets” that could be delivered to users through websites or online services, infecting countless devices. Bars even infected popular websites, such as Groupon and Space.com.

According to the researchers, detecting malware on cloud storage services is tricky, because hackers often break the malware into smaller pieces that security scans won't identify as malicious code. When ready, the hackers can assemble the pieces and use the cloud storage service as a delivery mechanism for all sorts of computer nastiness.

The researchers identified signs indicating the presence of “bad actors,” or evidence that would make it easier to detect malware. They started with repositories that they knew were compromised and searched for common identifiers, like sketchy redirects and the presence of “gatekeeper” sites that hid the Bars. Using this information, the team created a scanning tool they call “BarFinder.”

The researchers hope they can license the BarFinder application to security companies and cloud storage services to uncover and eliminate much of the malware in the cloud. If successful, it would improve the security of the internet and reduce the risk of getting hit with a malicious program.