Newly-found Malware that Grabs Files, Uploads them Onto File-hosting Website
Trend Micro is warning of a new kind of malware that steals Microsoft Excel and Word files from infected computers and then uploads them to sendspace.com, a file-hosting website.
Sendspace.com lets end-users send, receive, share and track large files. It has recently been used to host captured data, though the uploads were not performed automatically by malware. According to news reports from late 2011, attackers used Sendspace to collect stolen data and upload it.
However, this is the first time malware itself has been used to upload stolen data to the file-transfer and hosting website.
The infection, explains Trend Micro, begins with Fedex_Invoice.exe, a malicious executable file that the researchers identified as TROJ_DOFOIL.GE. The file name also makes it evident that the attackers are distributing it in a spam outbreak, with messages crafted to masquerade as notices about a FedEx delivery.
When run, TROJ_DOFOIL.GE downloads and runs TSPY_SPCESEND.A, a Trojan that searches the infected system's local drive for Microsoft Excel (spreadsheet) and Word (document) files. It then archives the collected files in the user's temporary directory, protecting the archive with a randomly generated password.
Once the archive has been created, TSPY_SPCESEND.A uploads it to Sendspace.com. When the upload is done, the Trojan retrieves the Sendspace download link and sends it to the command-and-control server together with the archive's randomly generated password.
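Defenders can look for the same sequence (bulk reads of Office documents, an archive created in the temporary directory, then an upload to sendspace.com by the same process) in endpoint telemetry. The Python below is an added example, not code from Trend Micro or from this article; the event schema, sample events, archive extensions and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

OFFICE_EXT = (".doc", ".docx", ".xls", ".xlsx")
ARCHIVE_EXT = (".zip", ".rar", ".7z")   # assumption: the article does not name the format
UPLOAD_HOST = "sendspace.com"
WINDOW = timedelta(minutes=10)          # assumption: tuning value
MIN_DOCS = 3                            # assumption: tuning value

# Constructed telemetry (hypothetical schema): (timestamp, host, pid, event, target)
EVENTS = [
    ("2012-02-10T09:00:01", "pc-17", 4120, "file_read", r"C:\Users\ann\Documents\q1.xls"),
    ("2012-02-10T09:00:02", "pc-17", 4120, "file_read", r"C:\Users\ann\Documents\plan.doc"),
    ("2012-02-10T09:00:03", "pc-17", 4120, "file_read", r"C:\Users\ann\Desktop\staff.xlsx"),
    ("2012-02-10T09:00:09", "pc-17", 4120, "file_create", r"C:\Users\ann\AppData\Local\Temp\a81f.zip"),
    ("2012-02-10T09:00:30", "pc-17", 4120, "http_post", "www.sendspace.com"),
    # Benign: a user shares one file by hand, no bulk collection or temp archive
    ("2012-02-10T10:15:00", "pc-22", 880, "file_read", r"C:\Users\bob\Documents\cv.doc"),
    ("2012-02-10T10:15:20", "pc-22", 880, "http_post", "www.sendspace.com"),
    # Benign: a tool archives documents into Temp but never uploads them
    ("2012-02-10T11:00:00", "pc-30", 312, "file_read", r"C:\Users\eve\Documents\a.doc"),
    ("2012-02-10T11:00:01", "pc-30", 312, "file_read", r"C:\Users\eve\Documents\b.doc"),
    ("2012-02-10T11:00:02", "pc-30", 312, "file_read", r"C:\Users\eve\Documents\c.xls"),
    ("2012-02-10T11:00:05", "pc-30", 312, "file_create", r"C:\Users\eve\AppData\Local\Temp\bk.zip"),
]

def is_upload_host(host):
    """Match the domain and its subdomains, not look-alikes such as notsendspace.com."""
    host = host.lower().rstrip(".")
    return host == UPLOAD_HOST or host.endswith("." + UPLOAD_HOST)

def detect(events):
    """Return (host, pid, archive_path, doc_count) for each collect/archive/upload chain."""
    state, alerts = {}, []
    for ts, host, pid, kind, target in sorted(events):
        when = datetime.fromisoformat(ts)
        s = state.setdefault((host, pid), {"docs": set(), "archive": None})
        low = target.lower()
        if kind == "file_read" and low.endswith(OFFICE_EXT):
            s["docs"].add(low)
        elif kind == "file_create" and "\\temp\\" in low and low.endswith(ARCHIVE_EXT):
            if len(s["docs"]) >= MIN_DOCS:      # archive follows bulk document reads
                s["archive"] = (when, target)
        elif kind == "http_post" and is_upload_host(target) and s["archive"]:
            created, path = s["archive"]
            if when - created <= WINDOW:        # upload soon after archive creation
                alerts.append((host, pid, path, len(s["docs"])))
            s["archive"] = None
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("possible document exfiltration:", alert)
```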
Ivan Macalintal, Solutions Evangelist at Trend Micro, remarked that this latest method of uploading captured/exfiltrated data onto external file-storage infrastructure, also described as 'extended networks,' might soon become a trend among criminals.
Moreover, according to Trend Micro, malware using freely available Internet services is not new. Using a publicly available file-hosting website is still a clever tactic for archiving captured data, since the cyber-criminals need not set up a large data-storage server of their own.
This also underscores a serious concern for consumers and the security community alike, as document theft and subsequent infiltration now occur in spam campaigns as well as in targeted attacks.
» SPAMfighter News - 10-02-2012