Symantec Intelligence

Dropbox Abused by Spammers

Created: 08 Mar 2012 • 2 comments
Nick Johnston

Recently we noticed spammers abusing Dropbox, a popular cloud-based file-hosting and synchronization tool, to spread spam.

Dropbox accounts have a public folder where files can be placed and made publicly available. This function is useful to spammers, as it effectively turns Dropbox into a free hosting site. Spammers have abused URL shortening and free hosting sites for some time. Dropbox also provides a URL shortening service, which spammers have also abused.

Spammers have created several Dropbox accounts, uploading an image and a simple .html file and then using the image to link to a pharmaceutical site.

 

Following this link takes you to a fairly standard "Canadian Health & Care Mall" site:

We saw over 1,200 unique Dropbox URLs being used in spam over a 48-hour period. We have informed Dropbox, providing them with the full list of URLs.

Since Dropbox is a widely used service (with smartphone applications), people might view Dropbox URLs as more trustworthy and therefore be more likely to open them.

In fact, Dropbox is being abused by malware authors as well as spammers. We recently saw a Brazilian Portuguese malware message claiming to contain photos and asking if they can be put onto a popular social networking site. The links in the email point to a Trojan hosted on Dropbox. The link text is crafted to look like image file names similar to what many digital cameras would use:
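A mail filter can check for the mismatch described above: link text that reads like a camera image file name while the link itself points at a file-hosting URL that is not an image. The following is an added example, not Symantec's detection logic; the host list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: host suffixes treated as public file hosting or its URL shortener.
FILE_HOSTS = ("dropbox.com", "db.tt")
IMAGE_EXT = r"\.(jpe?g|png|gif|bmp)$"
IMAGE_NAME = re.compile(r"^[\w\- ]+" + IMAGE_EXT, re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""

    def handle_data(self, data):
        if self._href is not None:
            self._text += data

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, self._text.strip()))
            self._href = None


def on_file_host(url):
    """True if the URL's host is a listed domain or one of its subdomains."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in FILE_HOSTS)


def flag_links(html):
    """Return links whose text looks like an image name but whose
    file-host target path does not end in an image extension."""
    parser = AnchorCollector()
    parser.feed(html)
    return [(href, text) for href, text in parser.links
            if on_file_host(href) and IMAGE_NAME.match(text)
            and not re.search(IMAGE_EXT, urlparse(href).path, re.I)]


# Constructed sample message body (not taken from the spam run in the post).
SAMPLE = (
    '<p>Here are the photos.</p>'
    '<a href="http://dl.dropbox.com/u/0000000/DSC00123.exe">DSC00123.jpg</a>'
    '<a href="http://dl.dropbox.com/u/0000000/holiday.jpg">holiday.jpg</a>'
    '<a href="http://photos.example/DSC00124.jpg">DSC00124.jpg</a>'
)

if __name__ == "__main__":
    print(flag_links(SAMPLE))
```

Shortened links are flagged whenever their text looks like an image name, because the final target cannot be read from the short URL alone.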

 

This abuse is a good reminder that any site which makes user-supplied content publicly available must continue to be vigilant about dealing with abuse. Although Dropbox is a high-profile site, spammers target all sorts of sites, big and small. There are many things that sites do to deal with such abuse, but this crucial work is often seen as low priority, despite the damage that such abuse can cause. Dropbox, however, assured us "they care about their user's security and experience above all else."

Symantec.cloud customers are protected from these threats based on advanced link-handling technology.

Comments

Daren Lewis

Nick, Great post. Are we seeing this from any of the other services? Thanks, Daren

danbcheney

Corporate users really should not be risking their data on unsecured cloud solutions. An MFT (Managed File Transfer) system that goes beyond just encrypting the files by maintaining an audit trail, scheduled scripting, data conversion, security key management, and many other functions that are essential to managing and protecting the data that they collect. Many of the data and privacy protection laws are coming into place because corporate users aren't thinking this through and we've been bitten too often by stolen and exposed data.  

For add'l info on this issue: http://blog.goanywheremft.com/2012/04/16/company-data-slipping-through-cracks/
