My guess is that most cloud providers have procedures in place to help avoid banning legitimate customers because one of their instances got infected with malware (effectively what a rogue agent would be).