Just recently, Trend Micro had an issue with some IP ranges from the Amazon EC2 data centers. Based on the procedures of our email reputation database, active spamming IP addresses are automatically blocked.
Hosting, as always, can be used as a platform for malware distribution. It does not really matter if it is a really small hosting provider with a few racks of hardware boxes or huge infrastructure with tons of hardware offering services in the cloud.
The legitimate IP addresses of the cloud pool enables cybercriminals to use the malware services as abuse free hosting. If we take EC2 as an example, a client can reserve the pool of IP addresses and can easily manipulate this list by assigning the virtual instance of the existing IPs from the pool or by adding new ones.
Fraudulent activities in the hosting cloud are difficult to trace. This makes perfect sense for cybercriminals who are trying to take advantage of a reputable organization by using it to hide their malicious business model. With that in mind, it is likely that in 2010, we will see a significant growth in the misuse of cloud hosting services.