Dropbox Targeted with Spam Mails Carrying Malware

Conrad Longmore, Security Blogger for Dynamoo's Blog has warned users of Dropbox for being vigilant of malware-laced spam mails presently hitting their inboxes, thus reported softpedia.com in news on October 4, 2013.

It may be noted that Dropbox is used as one file-sharing facility based on cloud computing and available for free. Its operator is San Francisco, California-headquartered Dropbox Inc.

The spam mail titled "Please update your Expired Dropbox Password," tells the recipient that it has been observed lately that he attempted at logging into Dropbox using an over 90-days unchanged password. As that password has become obsolete, he requires setting one fresh one. For doing the password update, he is requested for visiting the web-page included in the e-mail, the message states.

Thereafter, in conclusion, the e-mail expresses an official gratitude on behalf of "The Dropbox Team."

Importantly, Longmore explains that upon following the page's web-link, the user would be taken via one lawful site that has been compromised to land on 3 scripts serially connected. Subsequently, he would reach one malware-hosted web-page that is typically one compromised GoDaddy domain.

Worryingly, it's because of the above kinds of malware-laced spam mail runs, which are resulting in an increase in malicious software online. This view is depicted in the 'Q2 2013 Threat Report' by PandaLabs, a security company. According to the statistics PandaLabs collated, during Q2 2013 (April-June 2013) there was a 12% increase in malicious programs created from Q2 2012.

Furthermore, malware writers along with spammers have been constantly manipulating Dropbox for their malicious operations. During March 2012, Symantec another security company reported seeing one malware e-mail of a Brazilian Portuguese form asserting that it had pictures, as well as queried whether they could get posted on certain widely visited social networking website. Web-links embedded on the malware e-mail led onto Dropbox that hosted a Trojan.

However, for remaining safe from such malware-laced e-mails and not getting contaminated with them, the security specialist advises deleting them right away. Still, in case anyone has hit the web-links he should run an updated AV program for removing the malware, he concludes.

» SPAMfighter News - 10/17/2013