Legitimate file-hosting sites next target for malware
- By Kathleen Hickey
- Feb 09, 2012
If a recent attack on SendSpace is a harbinger of things to come, then legitimate file-hosting sites could be the next target where stolen data can be automatically stored by malware.
New malware is automatically uploading and transferring malicious files through hosting site SendSpace, according to security experts. The site then accepts the files and generates a link that others can download.
The malware grabs Microsoft Word and Excel files from users’ infected systems and then uploads them to the file-hosting site SendSpace.com, Roland Dela Paz, a threat response engineer with Trend Micro’s TrendLabs, wrote in a blog post Feb. 3. SendSpace is a file-hosting website that offers hosting to enable users to “send, receive, track and share [their] big files.”
“SendSpace was recently used for dropping stolen data but [it] wasn’t done automatically by malware,” Dela Paz wrote. The company reported late last year that hackers used SendSpace for rounding up and uploading stolen data.
The 3 steps to securing an Android smart phone
Google's Bouncer shows Android malware the door
The attack is the first time Trend Micro has seen automatic uploading of malware to a legitimate file-hosting site, Dela Paz said. Using legitimate file-hosting sites for malicious code distribution could become a trend, said Trend Micro solutions architect Ivan Macalintal.
The new method “highlights a serious concern for the security industry and users alike. Document theft and exfiltration are now not only seen in targeted attacks but in mass campaigns as well,” Macalintal said in the blog.
Rik Ferguson, director of security research and communication for Trend Micro in Europe, said using a legitimate hosting site to distribute malware offers several advantages to criminals, according to an article by Jeremy Kirk in CFO World, Feb. 6.
Not only does it appear less suspicious, but authorities are less likely to take down a legitimate site than one hosted by cyber criminals, Ferguson said. Additionally, using a storage service adds yet another layer to mask the origin of the malicious code. It’s especially handy for so-called advanced persistent threats, attacks where cyber spying on organizations can occur for an extended period. Hacked organizations will not regard outbound connections to a file-hosting service as suspicious, making the discovery and elimination of the malware difficult, he said.
SendSpace was notified of the issue by TrendLabs and has been working on a solution to the problem, CFO World reported.
Other systems are also coming under attack, most notably Android. The popularity of smart phones and tablets has increased the number of malware applications targeting the mobile operating system
Trend Micro recently found a server in Germany being used to launch malware for Android OS and Symbian, including market applications, according to a blog entry by Paul Pajares, a fraud analyst with TrendLabs.
GCN listed three steps users can take to safeguard their Android smart phones in an article Feb. 6. Those steps include restricting physical access to the phones, securing stored data and applying advanced security protocols. Google is also taking steps to eliminate malware applications on its marketplace with Google Bouncer, GCN reported Feb. 3.
Kathleen Hickey is a freelance writer for GCN.