Dropbox Used to Spread Malware

Dropbox Used to Spread Malware

DNSCalc gang has targeted the New York Times in the past, and now this cyber-hacking gang has found a new way to get its point across. Breaking news this afternoon has let to this discovery: the DNSCalc Gang is using Dropbox to spread malware to unsuspecting victims. Dropbox Used to Spread Malware

How Dropbox Is Being Used

The gang's setup is really clever. First, a file is sent to various Dropbox users (usually government officials or individuals with ties to the Association of Southeast Asian Nations). That file includes a .Zip file that appears to belong to the U.S.-ASEAN Business Council.

This file would then be sent to anyone interested in Council business, and the file actually contained a legitimate Council paper. Once the file was unzipped, the malware included in the file would open a backdoor to a host computer – all without recipients knowing what was happening.

After that, the malware file would find a WordPress blog that was created by the Gang. The malware contained IP address information in addition to a port number or a control server. From there, additional malware would begin to download. You could say that it was Game Over for anyone that was attacked.

Dropbox Used to Spread Malware: Why Dropbox?

Dropbox files tend to be trusted by most people. If you grant someone access to your Dropbox, you probably open up any file sent without a second thought. Gangs like the one mentioned above will use this vulnerability to send malware to unsuspecting Dropbox users. What can you do?

Unfortunately, this type of malware is hard to detect, and most company detection programs won't notice a thing happening when malware is moving around via Dropbox and to a WordPress blog. What you can do is report any kind of of attack like this one, so that other people are aware. If your system has already been attacked, it's really hard to do much about it.

One other tip: make sure you know who sent you a Dropbox file. Ask that person if they did, indeed, send you a file, and think twice before unzipping any files. These tactics will provide you with your best line of defense!

Share your Thoughts

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Save time and money by making the right web hosting decision the first time.

WordPress.com

Nexcess Hosting

Visit nexcess

Inmotion Hosting

Visit Inmotionhosting

Namecheap Hosting

Visit Namecheap

iThemes Hosting

Visit ithemes

Data-Driven Reviews

  • Current & accurate reviews are based on data and supported by real user experiences.
  • The goal is to deliver the most accurate information possible based on the needs of the majority of website owners and developers, and Ananova reports deliver the most reliable indicators of web host performance.

Save time and money by making the right web hosting decision the first time.

WordPress.com

Nexcess Hosting

Visit nexcess

Inmotion Hosting

Visit Inmotionhosting

Namecheap Hosting

Visit Namecheap

iThemes Hosting

Visit ithemes

Data-Driven Reviews

  • Current & accurate reviews are based on data and supported by real user experiences.
  • The goal is to deliver the most accurate information possible based on the needs of the majority of website owners and developers, and Ananova reports deliver the most reliable indicators of web host performance.
%d bloggers like this: