Malware automates storing of data haul on file-hosting site SendSpace
- 07 February, 2012 01:26
Trend Micro researchers have discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval.
Malware authors have used file-hosting and sharing servers for that purpose before, but this is the first time malware has been observed doing so automatically, wrote Roland Dela Paz, a threat response engineer with Trend Micro.
SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote.
It appears SendSpace's terms of service would prohibit use of the site that way. SendSpace said in response to an email that it was "notified of this several days ago by Trend Micro themselves, and we're working to find a solution for this."
File-storage services offer several advantages for cybercriminals, said Rik Ferguson, director of security research and communication for Trend Micro in Europe.
Although the cybercriminals often use networks of proxy computers to mask how they are communicating with a compromised computer, using a storage service adds another layer, Ferguson said. "It breaks in some ways the chain of evidence," he said.
Also, authorities would be less likely to take down a legitimate file-hosting service than a new server set up by scammers, Ferguson said.
The services are especially useful for so-called Advanced Persistent Threat attacks, where cyberspies seek to infiltrate an organization for a long period of time, Ferguson said. There is also a better chance that organizations that are hacked will not regard outbound connections to a file-hosting service as suspicious, making it less likely the connection will be shut down, he said.
"Basically it's criminals taking advantage of public infrastructure to appear less suspicious," Ferguson said.
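One way a defender could look for the pattern described above (a bulk upload to a file-hosting site followed shortly by a small message to another server), shown as an added example that is not from Trend Micro or this article. The proxy log layout, the allowlist, the host names other than the watched domain, and the thresholds are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Assumptions (not from the article): log layout, allowlist, thresholds.
FILE_HOSTS = ("sendspace.com",)                        # file-hosting domains to watch
KNOWN_HOSTS = {"intranet.example", "update.example"}   # hypothetical allowlist
MIN_UPLOAD_BYTES = 1_000_000                           # ignore small form posts
FOLLOWUP_WINDOW = timedelta(minutes=5)                 # how long to watch after an upload

# Constructed proxy log: timestamp client method dest_host bytes_sent
SAMPLE_LOG = """\
2012-02-07T01:00:00 ws-114 GET intranet.example 420
2012-02-07T01:02:10 ws-114 POST sendspace.com 48211000
2012-02-07T01:02:31 ws-114 POST unknown-host.example 310
2012-02-07T01:03:00 ws-207 GET www.sendspace.com 380
2012-02-07T01:04:00 ws-207 GET update.example 512
2012-02-07T01:20:00 ws-114 GET update.example 512
"""

def parse(line):
    ts, client, method, host, sent = line.split()
    return datetime.fromisoformat(ts), client, method, host.lower(), int(sent)

def is_file_host(host):
    # Match the domain itself or any subdomain, but not look-alike suffixes.
    return any(host == d or host.endswith("." + d) for d in FILE_HOSTS)

def find_upload_then_callback(log_text):
    """For each large POST to a watched file host, return
    (client, upload_host, bytes_sent, unknown hosts the same client
    contacted within FOLLOWUP_WINDOW afterwards)."""
    events = sorted(parse(l) for l in log_text.splitlines() if l.strip())
    findings = []
    for i, (ts, client, method, host, sent) in enumerate(events):
        if method != "POST" or not is_file_host(host) or sent < MIN_UPLOAD_BYTES:
            continue
        followups = []
        for ts2, client2, _, host2, _ in events[i + 1:]:
            if ts2 - ts > FOLLOWUP_WINDOW:
                break  # events are time-ordered, nothing later can match
            if client2 == client and host2 not in KNOWN_HOSTS and not is_file_host(host2):
                followups.append(host2)
        findings.append((client, host, sent, followups))
    return findings

if __name__ == "__main__":
    for finding in find_upload_then_callback(SAMPLE_LOG):
        print(finding)
```

A finding with a non-empty follow-up list is the stronger signal, since it pairs the upload with a contact to a host the organization does not otherwise recognize.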
Send news tips and comments to jeremy_kirk@idg.com