Malware automates storing of data haul on file-hosting site SendSpace

Trend Micro has found malware that automatically sends and retrieves stolen data from SendSpace

Trend Micro researchers have discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval.

Malware authors have used file-hosting and sharing servers for that purpose before, but this is the first time malware has been noticed to do that automatically, wrote Roland Dela Paz, a threat response engineer with Trend Micro.

SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote.

It appears SendSpace's terms of service would prohibit use of the site that way. SendSpace said in response to an email that it was "notified of this several days ago by Trend Micro themselves, and we're working to find a solution for this."

File-storage services offer several advantages for cybercriminals, said Rik Ferguson, director of security research and communication for Trend Micro in Europe.

Although the cybercriminals often use networks of proxy computers to mask how they are communicating with a compromised computer, using a storage service adds another layer, Ferguson said. "It breaks in some ways the chain of evidence," he said.

Also, authorities would be less likely to take down a legitimate file-hosting service than a new server set up by scammers, Ferguson said.

The services are especially useful for so-called Advanced Persistent Threat attacks, where cyberspies seek to infiltrate an organization for a long period of time, Ferguson said. There is also a better chance that organizations that are hacked will not regard outbound connections to a file-hosting service as suspicious, making it less likely the connection will be shut down, he said.

"Basically it's criminals taking advantage of public infrastructure to appear less suspicious," Ferguson said.
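
The sequence described above (a bulk upload to a file-hosting site, then a small message handing the download link to a command-and-control server) can be looked for in web-proxy logs. The detection logic below is an added example, not code from Trend Micro or from this article; the log format, the thresholds and every hostname other than the sendspace.com domain are constructed assumptions.

```python
import csv, io
from datetime import datetime, timedelta

# Assumption: watch list of file-hosting domains; only sendspace.com is named in the article.
FILE_HOSTS = {"sendspace.com"}
UPLOAD_MIN_BYTES = 1_000_000            # assumed size that counts as a bulk upload
FOLLOWUP_WINDOW = timedelta(minutes=5)  # assumed time allowed for the link hand-off

# Constructed proxy log (not real traffic): time, client, method, host, bytes_out
SAMPLE_LOG = """\
2024-01-01T09:00:00,10.0.0.5,GET,intranet.example,300
2024-01-01T09:01:00,10.0.0.5,POST,upload.sendspace.com,5242880
2024-01-01T09:01:40,10.0.0.5,POST,c2.example.net,412
2024-01-01T09:02:00,10.0.0.7,GET,www.sendspace.com,250
2024-01-01T09:03:00,10.0.0.8,POST,upload.sendspace.com,2097152
2024-01-01T09:30:00,10.0.0.8,GET,intranet.example,300
"""

def is_file_host(host):
    # Match the domain itself or any subdomain, but not look-alike suffixes.
    return any(host == d or host.endswith("." + d) for d in FILE_HOSTS)

def find_upload_then_report(log_text):
    """Return (client, upload_host, followup_host) for each bulk upload to a
    file host that is followed, within FOLLOWUP_WINDOW, by a POST from the
    same client to a non-file-host destination it had not contacted before."""
    rows = [(datetime.fromisoformat(t), c, m, h, int(b))
            for t, c, m, h, b in csv.reader(io.StringIO(log_text))]
    rows.sort(key=lambda r: r[0])
    seen = {}     # client -> hosts contacted so far
    pending = {}  # client -> (time, host) of its latest bulk upload
    hits = []
    for ts, client, method, host, sent in rows:
        known = seen.setdefault(client, set())
        if method == "POST" and is_file_host(host) and sent >= UPLOAD_MIN_BYTES:
            pending[client] = (ts, host)
        elif (client in pending and method == "POST"
              and host not in known and not is_file_host(host)):
            up_ts, up_host = pending[client]
            if ts - up_ts <= FOLLOWUP_WINDOW:
                hits.append((client, up_host, host))
                del pending[client]
        known.add(host)
    return hits

if __name__ == "__main__":
    print(find_upload_then_report(SAMPLE_LOG))
```

Only the first client is flagged: the second visits the file host without uploading, and the third uploads but makes no follow-up POST to a new destination inside the window.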

Send news tips and comments to jeremy_kirk@idg.com
