Malware automates storing of data haul on file-hosting site SendSpace

Trend Micro has found malware that automatically sends and retrieves stolen data from SendSpace

Jeremy Kirk (IDG News Service)
07 February, 2012 01:26
Comments

Trend Micro researchers have discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval.

Malware authors have used file-hosting and sharing servers for that purpose before, but this is the first time malware has been noticed to do that automatically, wrote Roland Dela Paz, a threat response engineer with Trend Micro.

SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote.

It appears SendSpace's terms of service would prohibit use of the site that way. SendSpace said in response to an email that it was "notified of this several days ago by Trend Micro themselves, and we're working to find a solution for this."

File-storage services offer several advantages for cybercriminals, said Rik Ferguson, director of security research and communication for Trend Micro in Europe.

Although the cybercriminals often use networks of proxy computers to mask how they are communicating with a compromised computer, using a storage service adds another layer, Ferguson said. "It breaks in some ways the chain of evidence," he said.

Also, authorities would be less likely to take down a legitimate file-hosting service than a new server set up by scammers, Ferguson said.

The services are especially useful for so-called Advance Persistent Threat attacks, where cyberspies seek to infiltrate an organization for a long period of time, Ferguson said. There is also a better chance that organizations that are hacked will not regard outbound connections to a file-hosting service as suspicious, making it less likely the connection will be shut down, he said.

"Basically it's criminals taking advantage of public infrastructure to appear less suspicious," Ferguson said.

Send news tips and comments to jeremy_kirk@idg.com

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email CIO
Follow CIO on twitter

More about: Roland, Trend Micro

References show all

Malware Uses Sendspace to Store Stolen Documents : Malware Blog : Trend Micro

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"Ich kenne einige Leute, die aus Kanadakommen. Eines Tages werde ich auch ..."

Australia's first 4G smartphone is the HTC Velocity 4G
"Actually when someone doesn't know then its up to other visitors that ..."

Swedish e-commerce startup's execs linked to NYC sex crime
"Hi to all, how is everything, I think every one is getting ..."

Face Time - Interview with John Brennan and Robert DiStefano
"I am truly thankful to the owner of this website who has ..."

How to implement next-generation storage infrastructure for Big Data
"hwjae , click here http://www.breastenhanceproduct.org/how-to-benefit-from-herbal-breast-enhancements"

Pfizer's Future Depends on IT Transformation

Tags: security, trend micro

Latest Blog Posts

Whitepapers

Botnets: The dark side of cloud computing
Botnets pose a serious threat to your network, your business, your partners and customers. Botnets rival the power of today’s most powerful cloud computing platforms. These “dark” clouds, controlled by cybercriminals, are designed to silently infect your network. Left undetected, botnets borrow your network to serve malicious business interests. This paper details how you can protect against the risk of botnet infection using security gateways that offer comprehensive unified threat management (UTM).

Learn more »
Seven Tips for Securing Mobile Workers
Seven Tips for Securing Mobile Workers is intended to offer practical guidance on dealing with one of the fastest growing threats to the security of sensitive and confidential information.

Learn more »
Case Study: Keeping information on the move: Clearswift protects Maman, the logistics experts
Time is money. Every minute a consignment is held up in transit costs money and causes problems. Web and email are mission critical business tools that enable Maman, and their customers, to efficiently collaborate with partners across the globe. Spam, and other web based threats can result in delays that ultimately lead to missed deadlines - keeping the lines of communication open is therefore a key priority for Maman. Read on.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

Getting real about Virtual Backup and Recovery

Virtualisation continues to grow in popularity with real implications when it comes to backup and disaster recovery. Acronis compiles an annual survey of worldwide confidence in backup and disaster recovery. ...

Recent comments

"Ich kenne einige Leute, die aus Kanadakommen. Eines Tages werde ich auch ..."
Australia's first 4G smartphone is the HTC Velocity 4G
"Actually when someone doesn't know then its up to other visitors that ..."
Swedish e-commerce startup's execs linked to NYC sex crime
"Hi to all, how is everything, I think every one is getting ..."
Face Time - Interview with John Brennan and Robert DiStefano
"I am truly thankful to the owner of this website who has ..."
How to implement next-generation storage infrastructure for Big Data
"hwjae , click here http://www.breastenhanceproduct.org/how-to-benefit-from-herbal-breast-enhancements"
Pfizer's Future Depends on IT Transformation

Follow CIO

Market Place

Gartner Security & Risk Management Summit, 16-17 July 2012, Sydney

Cyber Security Summit 2012 | 1-3 August | Save $150 using promo code CSO | Check out agenda today

Latest Jobs

Subscribe to CIO

Critical. Authoritative. Strategic. CIO magazine addresses the issues vital to the success of IT and business executives. Solutions-oriented editorial provides a greater understanding of the role IT plays in achieving corporate goals. Subscribe to the print edition today.

Download OPML file for import with all IDG RSS feeds

CSO Online Data Security Briefing

Malware automates storing of data haul on file-hosting site SendSpace

Comments

Post new comment

Building trusted relationships

Planning your IT career

Taking the risk out of diversity

5 open source help desk apps to watch

How to create a clear project plan

5 open source billing systems to watch

NBN Co focuses on continuous delivery to meet its deadlines

10 Tips for Dealing with a Bully Boss

Face Time - Interview with John Brennan and Robert DiStefano

Pfizer's Future Depends on IT Transformation

All Systems Down

IT service management going social

Australia's first 4G smartphone is the HTC Velocity 4G

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Getting real about Virtual Backup and Recovery

The Pathways ICT Leadership Development Program Brochure and Curriculum 2012