Dropbox used by Chinese hackers to spread malware

Paul Wagenseil, TechNewsDaily

July 15, 2013 at 3:36 PM ET

Popular cloud-based file-sharing service Dropbox wants to be all things to all people, with big plans to share application metadata — game saves, settings preferences and so forth — as well as raw files across devices and platforms. But when Dropbox CEO Drew Houston announced last week that Dropbox intends to “replace the hard drive,” he probably didn’t expect Chinese hackers to take him up on it so quickly. Comment Crew, the same Chinese cyberespionage team thought to be behind the recent attack on The New York Times, has been using publicly shared Dropbox folders to spread malware, reports Arlington, Va., digital-security firm Cyber Squared.

“The attackers have simply registered for a free Dropbox account, uploaded the malicious content and then publicly shared it with their targeted users,” a Cyber Squared blog posting explained last week.

For malicious hackers, Dropbox is an attractive malware distribution platform because it’s widely used in the corporate environment and is unlikely to be blocked by IT security teams.

In this way, Cyber Squared wrote, “the attackers could mask themselves behind the trusted Dropbox brand, increasing credibility and the likelihood of victim interaction with the malicious file from either personal or corporate Dropbox users.”

When a Dropbox file is publicly shared, the persons with whom it’s shared receive emails from Dropbox informing them of the share, along with a link to the file on the Dropbox website.

In the attack Cyber Squared examined, normal procedure was followed, but the shared file was an infected Word document of interest to China’s neighbors, indicating a “spear phishing” attack.

The Word document concerned commercial relations between the United States and the 10 members of the Association of Southeast Asian Nations, nine of which ring the South China Sea.

Embedded in the Word document was what seemed to be a PDF file on the same topic, but which was really malware exploiting a hole in Adobe Flash Player.

The malware copied itself to the targeted user’s hard drive, then reached out for instructions to a WordPress blog, which itself appeared to be a boring recitation of Asian trade statistics.

But seemingly decorative strings of text nestled among the postings on the WordPress blog were full of meaning.

For example, the strings “@@@@@@207.86.128.60@@@@@@” or “######443######” may not look like much to the untrained eye.

The first string includes an Internet Protocol address, which computers use to find websites; the second string references port 443, which the Internet Protocol sets aside for encrypted Web connections.

The WordPress blog was thus telling the malware where to go for further instructions and which port to connect on. (The URL in the example above is TechNewsDaily’s own.)
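The dead-drop pattern described above can be checked for on the defender's side: a page that hides a delimited IP address and a delimited port among innocuous text is worth an analyst's attention. The following is an added example, not code from the article or from Cyber Squared; the sample blog text is constructed (reusing only the IP the article quotes as TechNewsDaily's own), and the "@@@@"/"####" wrapper regexes are an assumption based on the two strings the article shows.

```python
import re
from ipaddress import AddressValueError, IPv4Address

# Constructed sample in the style the article describes: decoy trade
# statistics with "decorative" delimited strings. The valid IP is the one
# the article quotes; the malformed entries are added to exercise validation.
SAMPLE_POST = """
ASEAN exports to the US rose 4.1% year on year.
@@@@@@207.86.128.60@@@@@@
Vietnam's share of intra-ASEAN trade: 12%.
######443######
@@@@@@999.1.1.1@@@@@@ ######70000######
"""

# Assumed wrapper formats: runs of at least four '@' around a dotted quad,
# runs of at least four '#' around a port number.
IP_RE = re.compile(r"@{4,}(\d{1,3}(?:\.\d{1,3}){3})@{4,}")
PORT_RE = re.compile(r"#{4,}(\d{1,5})#{4,}")


def extract_c2_hints(text: str) -> dict:
    """Return validated IPs and ports found inside the delimiter wrappers.

    Candidates that cannot be a real IPv4 address or a real TCP port are
    listed under 'rejected' so the analyst can see what was discarded.
    """
    result = {"ips": [], "ports": [], "rejected": []}
    for match in IP_RE.finditer(text):
        candidate = match.group(1)
        try:
            result["ips"].append(str(IPv4Address(candidate)))
        except AddressValueError:  # e.g. an octet above 255
            result["rejected"].append(candidate)
    for match in PORT_RE.finditer(text):
        port = int(match.group(1))
        if 1 <= port <= 65535:
            result["ports"].append(port)
        else:
            result["rejected"].append(match.group(1))
    return result


def looks_like_dead_drop(text: str) -> bool:
    """True when the page carries at least one valid IP and one valid port
    in the wrapper style, i.e. enough to steer a beacon."""
    hints = extract_c2_hints(text)
    return bool(hints["ips"]) and bool(hints["ports"])
```

Run over a crawl of pages a host fetched after opening a suspicious document, a hit from `looks_like_dead_drop` is a cheap triage signal rather than proof; the pairing of IP and port still has to be confirmed against the malware's actual traffic.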

Cyber Squared didn’t wait to see what would happen after the malware received its instructions. Previous Comment Crew attacks have included mass penetration of organizational networks, theft of intellectual property and other data, and installation of spyware to keep track of a targeted user’s online activities and communications.
