Danish-speaking users hit by malware spread via Dropbox links

The exploitation of Dropbox by crooks is not a novelty, an attacker can use spam messages containing links to cloud storage that points malicious files, they leverage on the fact that usually there are no restrictions on the Dropbox traffic.

The researchers noticed that the attackers used a unique link for each malicious message on the hacking campaign, this circumstance suggests the attackers used an automated script to randomly create the Dropbox file shares.

The researchers discovered that the attackers sent out messages claiming to provide shipping details and a fake invoice. The links included in the messages point to a .zip archive that contained a JavaScript file which contained a Trojan dropper.

“Lately we have seen more email providers tighten restrictions on what type of files can be sent/received as an attachment. In response, malware distributors, whom are always looking for a weakness to exploit, have embraced file sharing as an alternative means to distribute those malicious files. We expect this trend to continue throughout the year.” continues the analysis.

Troy Gill, security analyst at AppRiver, explained that Dropbox quickly replied to the attack, after two hours almost all the malicious links were disabled.

“I would say that after about an hour, we saw a lot of the links disabled,” he said. “After two hours, I was hard press to find a link that wasn’t disabled.”

Crooks sent out hundreds of thousands, maybe millions of messages.

How to protect companies from such kind of attacks?

Businesses can use spam filters, but a more aggressive approach implies the ban of emails embedding Dropbox links.

“If you wanted to be aggressive, you could ban inbound Dropbox content links,” he said. “And if you decided that your organization wasn’t going to use it, you could easily make a change to your spam filter or your web filter to block access to Dropbox entirely.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – DropBox, spam)