Do you use Dropbox and Facebook? Then you will want to watch out for this! Symantec Security Response has observed that spammers are abusing Dropbox, a popular cloud-based file-hosting and synchronization tool, to spread spam.
Dropbox accounts have a public folder where files can be placed and made publicly available. This function is useful to spammers because it effectively turns Dropbox into a free hosting site. In the example below, spammers created several Dropbox accounts, uploaded an image and a simple .html file to each, and then used the image as a link to a pharmaceutical site.
During a 48-hour period, Symantec saw over 1,200 unique Dropbox URLs being used in spam. Because Dropbox is a widely used service (with smartphone applications), people might view Dropbox URLs as more trustworthy and therefore be more likely to open them.
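The pattern described above (many throwaway accounts, each hosting an .html file or an image in the public folder) is something a mail-filtering team can measure directly. The script below is an added example, not Symantec's tooling or anything from the original post: it extracts Dropbox public-folder links from a batch of constructed message bodies, counts unique URLs and distinct accounts, and flags messages whose link points at an .html or image landing page. The `dl.dropbox.com/u/<account-id>/<path>` link shape is assumed to be the only public-folder form; all account ids, paths and message text are made up.

```python
import re
from collections import Counter

# Public-folder link shape used by Dropbox at the time of the post:
# https://dl.dropbox.com/u/<account-id>/<path>. Treating this exact form
# as the only public-folder form is an assumption made for this example.
DROPBOX_PUBLIC_RE = re.compile(
    r"https?://dl\.dropbox\.com/u/(?P<account>\d+)/(?P<path>[^\s\"'<>)]+)",
    re.IGNORECASE,
)

# Landing-page file types the post describes: a simple .html file and an image.
LANDING_EXTENSIONS = (".html", ".htm", ".jpg", ".jpeg", ".png", ".gif")

# Constructed sample mail bodies (not real spam); account ids and paths are made up.
SAMPLE_MAIL = [
    ("msg-1", "Great deals! http://dl.dropbox.com/u/1111111/offer.html"),
    ("msg-2", "Look here http://dl.dropbox.com/u/2222222/promo.jpg now"),
    ("msg-3", "Same campaign http://dl.dropbox.com/u/1111111/offer.html again"),
    ("msg-4", "Report attached: https://dl.dropbox.com/u/3333333/q1-report.pdf"),
    ("msg-5", "No links here, just a normal message."),
]


def extract_public_links(body):
    """Return (account_id, path, full_url) for every Dropbox public-folder link in body."""
    return [
        (m.group("account"), m.group("path"), m.group(0))
        for m in DROPBOX_PUBLIC_RE.finditer(body)
    ]


def triage(mail):
    """Summarise Dropbox public-folder use across a batch of (message_id, body) pairs.

    Returns the number of unique URLs, the number of distinct accounts, how many
    messages referenced each account, and the ids of messages whose link points
    at an .html or image landing page (the hosting pattern the post describes).
    """
    urls = set()
    per_account = Counter()
    flagged = []
    for msg_id, body in mail:
        accounts_in_msg = set()
        for account, path, url in extract_public_links(body):
            urls.add(url.lower())
            accounts_in_msg.add(account)
            if path.lower().endswith(LANDING_EXTENSIONS) and msg_id not in flagged:
                flagged.append(msg_id)
        # Count each account once per message so one mail with repeated links
        # does not inflate the account's reach.
        for account in accounts_in_msg:
            per_account[account] += 1
    return {
        "unique_urls": len(urls),
        "unique_accounts": len(per_account),
        "messages_per_account": dict(per_account),
        "flagged": flagged,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_MAIL))
```

Run over a real mail stream, the `unique_urls` and `unique_accounts` counts are what the post's "over 1,200 unique Dropbox URLs in 48 hours" figure measures, and `messages_per_account` shows whether a campaign reuses a few accounts (easy to report to the hosting provider) or spreads across many throwaway ones.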
Apart from spammers, Dropbox is also being abused by malware authors. Symantec Security Response has observed a Brazilian Portuguese malware message claiming to contain photos and asking if they can be put onto a popular social networking site. The links in the email point to a Trojan hosted on Dropbox.
Facebook is another popular platform that cyber criminals are targeting – in February 2012, Symantec observed a phishing site recommending a fake application that allegedly removes the “Timeline” profile for Facebook users. The phishing site, hosted on a free web hosting service, displays a Facebook Timeline promotion video from YouTube alongside the claim “Remove Timeline Now”.
According to this phishing site, users will have their “Timeline” removed from their Facebook profile and get back their old profile page—but only after they enter their login credentials. The phishers also claimed the application was protected by an antivirus product, placing that brand's logo below the login form to make the fake application look more authentic. Any user who entered their login credentials on the phishing site handed them to the phishers, who could then use the stolen information for identity theft.
These abuses are a good reminder that any site which makes user-supplied content publicly available must continue to be vigilant about dealing with abuse.