Malware automates storing of data haul on file-hosting site SendSpace
- 07 February, 2012 01:26
- Comments
Trend Micro researchers have discovered a piece of malicious software that automatically uploads its stolen data cache to the SendSpace file-sharing service for retrieval.
Malware authors have used file-hosting and sharing servers for that purpose before, but this is the first time malware has been noticed to do that automatically, wrote Roland Dela Paz, a threat response engineer with Trend Micro.
SendSpace accepts files and then generates a link that can be shared with other people to download the content in the files. The malware has been configured to send files, copy the download link and send it to a command-and-control server along with the password needed to access the archive, Dela Paz wrote.
It appears SendSpace's terms of service would prohibit use of the site that way. SendSpace said in response to an email that it was "notified of this several days ago by Trend Micro themselves, and we're working to find a solution for this."
File-storage services offer several advantages for cybercriminals, said Rik Ferguson, director of security research and communication for Trend Micro in Europe.
Although the cybercriminals often use networks of proxy computers to mask how they are communicating with a compromised computer, using a storage service adds another layer, Ferguson said. "It breaks in some ways the chain of evidence," he said.
Also, authorities would be less likely to take down a legitimate file-hosting service than a new server set up by scammers, Ferguson said.
The services are especially useful for so-called Advance Persistent Threat attacks, where cyberspies seek to infiltrate an organization for a long period of time, Ferguson said. There is also a better chance that organizations that are hacked will not regard outbound connections to a file-hosting service as suspicious, making it less likely the connection will be shut down, he said.
"Basically it's criminals taking advantage of public infrastructure to appear less suspicious," Ferguson said.
Send news tips and comments to jeremy_kirk@idg.com
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
- Get the Whole Picture Why Most Organizations Miss User Response Monitoring—and What to Do About It
- Seven Steps to Effective Data Governance
- Guidance for Calculation of Efficiency (PUE) in Data Centers
- Information Security Policies, Standards and Procedure
- Best practices for implementing 2048-bit SSL
-
Australia's first 4G smartphone is the HTC Velocity 4G
-
Swedish e-commerce startup's execs linked to NYC sex crime
-
Face Time - Interview with John Brennan and Robert DiStefano
-
How to implement next-generation storage infrastructure for Big Data
-
Pfizer's Future Depends on IT Transformation
-
Synergy gains sustainable competitive edge with HP printers, services and solutions
Western Australian electricity retailer Synergy signed a four-year HP Smart Print Services agreement to establish an efficient and sustainable imaging and printing network which reduces waste and the organisation’s environmental footprint, without compromising on quality, reliability or security. Read more. -
Protecting Generation Web
From data privacy to personal safety issues, cyber-bullying, inappropriate content and malware, schools are facing an increasingly difficult task when it comes to allowing young people to spread their online wings without compromising their safety and personal development. The reality that most schools are catering to the needs of mixed age groups and abilities, and it’s easy to understand why a simple stop and block approach won’t work. Learning environments are, by nature, flexible. It stands to reason that the IT resources used in them should be flexible too. Read on. -
Cost Effective Security and Compliance with Oracle Database 11g Release 2
Information ranging from trade secrets to financial data to privacy related information has become the target of sophisticated attacks from both sides of the firewall. Built upon 30 years of security experience, the Oracle database provides defense-in-depth security controls that enable organizations to transparently protect data. By leveraging these controls, organizations can safeguard data, ensure regulatory compliance, and achieve business goals such as consolidation, globalization, right sourcing and cloud computing while still maintaining scalability, performance and availability. Read this whitepaper.

















Comments
Post new comment