The biggest cloud on the planet is owned by … the crooks

This post has been updated to better explain the reach of the Conficker botnet and to clarify the current status of Conficker. Also, a new related post on the subject can be found here.

Who’s got the biggest cloud in the tech universe? Google? Pretty big, but no. Amazon? Lots and lots of servers, but not even close. Microsoft? They’re just getting started.

Household names all, but their capacity pales to that of the biggest cloud on the planet, the network of computers controlled by the Conficker computer worm. Conficker controls 6.4 million computer systems in 230 countries at 230 top level domains globally, more than 18 million CPUs and 28 terabits per second of bandwidth, said Rodney Joffe, senior vice president and senior technologist at the infrastructure services firm Neustar.

The biggest cloud on the planet is controlled by a vast criminal enterprise that uses that botnet to send spam, hack computers, spread malware and steal personal information and money, Joffe said.

In other words, the cloud is mobbed up.

Joffe explained how Conficker meets the definition of a cloud service provider in a presentation at the Cloud Connect conference held last week in Santa Clara, Calif.

Like legitimate cloud vendors, Conficker is available for rent and is just about anywhere in the world a user would want their cloud to be based. Users can choose the amount of bandwidth they want, the kind of operating system they want to use and more. Customers have a variety of options for what services to put in the Conficker cloud, be it a denial-of-service attack, spam distribution or data exfiltration.

UPDATE: Joffe said Conficker has not been as active as it once was, but is still a threat. The last reported attack was in February on the network of the Manchester, UK, police department. Joffe said  the last major Conficker attack was in April 2009.

Conficker is much more competitive than those legit vendors in many ways, Joffe continued. It has much more experience, dating back to 1998, has a larger footprint and unlimited new resources as it spreads malware far and wide to take over more computers.

“And there are no costs. And there are no moral, ethical or legal constraints,” Joffe said, to chuckles from the audience. After all, the criminals stole their computing capacity from someone else.

By the way, the biggest legitimate cloud provider is Google, based on Joffe’s information, made up of 500,000 systems, 1 million CPUs and 1,500 gigabits per second (Gbps) of bandwdith. Amazon comes in second with 160,000 systems, 320,000 CPUs and 400 Gbps of bandwidth, while Rackspace offers 65,000 systems, 130,000 CPUs and 300 Gbps.

Joffe described the vastness of the Conficker cloud to make a point that companies need to do their homework as they decide to sign up for cloud computing services as well as how to run their own IT systems. They should study up on botnets like Conficker, protect their own infrastructure and applications and assume they’ll someday be a target of botnets because “they’re great learners,” he said.

And when a company does subscribe to a cloud computing service, make sure the provider is aware of your general “behavior,” he said, such as usual patterns of compute cycles and other signs. They have a name for cloud clients whose behavior becomes abnormal, meaning they could have been compromised, Joffe said: black clouds.

Check out these other posts by Robert Mullins and other Microsoft Subnet bloggers

Microsoft guy tells open source conference it’s ‘really changing’

Bracing for a cybersecurity Pearl Harbor

IE 6: Patch Tuesday won’t be the same without you

File-sharing risk a company’s responsibility to restrict

Commercial tools not on tap for Windows 7 deployments

Microsoft yanks down its capacity planning tool for Exchange 2007, other servers

Which browser is more secure IE8, Safari 4, Firefox 3.5, Chrome 4, or Opera 10?