Legitimate file-hosting sites next target for malware

If a recent attack on SendSpace is a harbinger of things to come, then legitimate file-hosting sites could be the next target where stolen data can be automatically stored by malware.

New malware is automatically uploading and transferring malicious files through hosting site SendSpace, according to security experts. The site then accepts the files and generates a link from which others can download them.

The malware grabs Microsoft Word and Excel files from users’ infected systems and then uploads them to the file-hosting site SendSpace.com, Roland Dela Paz, a threat response engineer with Trend Micro’s TrendLabs, wrote in a blog post Feb. 3. SendSpace is a file-hosting website that offers hosting to enable users to “send, receive, track and share [their] big files.”

“SendSpace was recently used for dropping stolen data but [it] wasn’t done automatically by malware,” Dela Paz wrote. The company reported late last year that hackers used SendSpace for rounding up and uploading stolen data.

The attack is the first time Trend Micro has seen automatic uploading of malware to a legitimate file-hosting site, Dela Paz said. Using legitimate file-hosting sites for malicious code distribution could become a trend, said Trend Micro solutions architect Ivan Macalintal.

The new method “highlights a serious concern for the security industry and users alike. Document theft and exfiltration are now not only seen in targeted attacks but in mass campaigns as well,” Macalintal said in the blog.

Rik Ferguson, director of security research and communication for Trend Micro in Europe, said using a legitimate hosting site to distribute malware offers several advantages to criminals, according to an article by Jeremy Kirk in CFO World, Feb. 6.

Not only does it appear less suspicious, but authorities are less likely to take down a legitimate site than one hosted by cyber criminals, Ferguson said. Additionally, using a storage service adds yet another layer to mask the origin of the malicious code. It’s especially handy for so-called advanced persistent threats, attacks where cyber spying on organizations can occur for an extended period. Hacked organizations will not regard outbound connections to a file-hosting service as suspicious, making the discovery and elimination of the malware difficult, he said.
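Because those outbound connections blend in with normal traffic, one practical check is to summarise upload activity to file-hosting domains per client rather than judging single requests. The sketch below is an added example, not code from Trend Micro or GCN; the log layout, the watch list, the thresholds and the hostnames in the sample are all constructed assumptions.

```python
from collections import defaultdict

# Assumption: the organisation's own watch list of file-hosting domains.
FILE_HOSTS = {"sendspace.com"}

# Constructed sample proxy log: timestamp client method host bytes_sent
SAMPLE_LOG = """\
2012-02-03T09:00:01 10.0.0.5 GET www.sendspace.com 412
2012-02-03T09:00:07 10.0.0.5 POST upload.sendspace.com 1843200
2012-02-03T09:00:19 10.0.0.5 POST upload.sendspace.com 2250000
2012-02-03T09:00:31 10.0.0.5 POST upload.sendspace.com 960000
2012-02-03T09:02:10 10.0.0.8 POST intranet.example.org 5000000
2012-02-03T09:03:44 10.0.0.9 POST www.sendspace.com 350
2012-02-03T09:04:02 10.0.0.9 GET notsendspace.com 900
malformed line
"""

def is_file_host(host):
    """True for a watched domain or any of its subdomains (not look-alikes)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in FILE_HOSTS)

def flag_uploaders(log_text, min_posts=3, min_bytes=1_000_000):
    """Return {client: (post_count, bytes_sent)} for clients whose POSTs to
    file-hosting sites meet both thresholds (hypothetical default values)."""
    stats = defaultdict(lambda: [0, 0])
    for line in log_text.splitlines():
        fields = line.split()
        # Skip lines that do not match the assumed five-field layout.
        if len(fields) != 5 or not fields[4].isdigit():
            continue
        _ts, client, method, host, sent = fields
        if method == "POST" and is_file_host(host):
            stats[client][0] += 1
            stats[client][1] += int(sent)
    return {c: (n, b) for c, (n, b) in stats.items()
            if n >= min_posts and b >= min_bytes}

if __name__ == "__main__":
    for client, (posts, sent) in flag_uploaders(SAMPLE_LOG).items():
        print(f"{client}: {posts} POSTs, {sent} bytes to file-hosting sites")
```

A flagged client is a lead for review, not proof of infection; the thresholds need tuning against what normal file-sharing use looks like on the network in question.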

SendSpace was notified of the issue by TrendLabs and has been working on a solution to the problem, CFO World reported.

Other systems are also coming under attack, most notably Android. The popularity of smart phones and tablets has increased the number of malware applications targeting the mobile operating system.

Trend Micro recently found a server in Germany being used to launch malware for Android OS and Symbian, including market applications, according to a blog entry by Paul Pajares, a fraud analyst with TrendLabs.

GCN listed three steps users can take to safeguard their Android smart phones in an article Feb. 6. Those steps include restricting physical access to the phones, securing stored data and applying advanced security protocols. Google is also taking steps to eliminate malware applications on its marketplace with Google Bouncer, GCN reported Feb. 3.

About the Author

Kathleen Hickey is a freelance writer for GCN.

