Security researchers urge AWS customers running Elastic Cloud Compute (EC2) instances based on community Amazon Machine Images (AMIs) to check for potentially malicious embedded code, following their discovery of a cryptominer lurking inside a Community AMI.
An AMI is a template with a software configuration – an operating system, application server, and applications – needed to launch a virtual machine. From an AMI, users launch an instance, or a copy of the AMI running as a virtual server in the cloud. Users can launch multiple instances from one AMI when they need multiple instances with the same configuration, or they can use different AMIs to launch instances when different configurations are needed.
AMIs vary depending on users' needs, and there are different ways to get them through Amazon. One is the AWS Marketplace, where users can buy AMIs or pay per use for them. These AMIs are verified by Amazon and can only be published by preapproved users. Amazon EC2 integrates with Marketplace so developers can charge other EC2 users for AMI usage.
Amazon EC2 lets users create community AMIs by making them public so they're shared with other AWS accounts. Someone who creates a community AMI can allow all AWS accounts to launch the AMI, or only allow a few specific accounts. Those who launch a community AMI don't pay for the AMI itself but for the compute and storage resources used on that machine.
"If I want a Windows Server, I can get a new, clean Amazon EC2 instance, install Windows Server on it, get everything done myself, or I can go and get an AMI that does all this for me, and a ..
Support the originator by clicking the read the rest link below.
