Softpedia
 


February 8th, 2012, 10:51 GMT · By Eduard Kovacs

Malware Steals Documents and Uploads Them to Sendspace



Sendspace.com is utilized by a new type of malware
Security experts came across a piece of malware that’s cleverly programmed to steal documents from the infected computer. While this may not be new, the twist to this story is that the malicious element is designed to upload the obtained Microsoft Word and Excel files to the hosting site sendspace.com.

Trend Micro researchers say that Sendspace was used on previous occasions to store stolen data because the service allowed crooks to “send, receive, track and share” big files, but the process had never before been carried out automatically by malware.

The infection begins with an executable file called Fedex_Invoice.exe, identified as TROJ_DOFOIL.GE. The file’s name hints that it may be spread through a fake “FedEx failed delivery” spam campaign.

Once the file is executed, it downloads and executes TSPY_SPCESEND.A, a Trojan that searches the local drive for Word and Excel documents, collecting them in a password-protected archive placed in the user’s temporary folder.

After the archive is created, it’s uploaded to Sendspace, and its download link is transmitted to the malware’s command and control (C&C) server. This way the crooks don’t have to store all the files on the C&C server; instead, they access them from the file hosting service.

“We’ve seen dropsites/dropzones for stolen/exfiltrated data that are hosted also within domains owned by the cybercriminals. Now, we’re seeing legitimate ‘clouds’ being used by criminals where they can drop and pickup their loot,” Trend Micro Solutions Evangelist Ivan Macalintal said.

This discovery is worrying because it means that information theft and exfiltration are not specific to targeted attacks, but are present in mass campaigns as well.

This is a perfect time for users to check their personal documents, especially if they’re stored on company computers, and to make sure that all sensitive files are stored in a safe place. Also, antivirus solutions should be checked to see if they’re up to date, as they can easily prevent such attacks.
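
A defender can hunt for the sequence described above (an archive staged in the temporary folder, then an upload to Sendspace) by correlating endpoint file events with web proxy logs. The Python below is an added example, not code from Trend Micro or this article; the log layouts, host and process names, archive extensions, browser list and 10-minute window are all assumptions, and the sample lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample telemetry; the field layouts are assumptions, not a real product format.
# Endpoint file-creation events: time host process path
FILE_EVENTS = """\
2012-02-08T09:00:05 WS-014 sample_a.exe C:\\Users\\ann\\AppData\\Local\\Temp\\a1b2.zip
2012-02-08T09:10:00 WS-020 7zFM.exe C:\\Users\\bob\\Documents\\backup.7z
2012-02-08T11:00:00 WS-031 updater.exe C:\\Users\\eve\\AppData\\Local\\Temp\\pkg.zip
"""
# Web proxy events: time host process method destination bytes_sent
PROXY_EVENTS = """\
2012-02-08T09:01:10 WS-014 sample_a.exe POST www.sendspace.com 4820113
2012-02-08T09:12:00 WS-020 firefox.exe POST www.sendspace.com 912003
2012-02-08T11:00:30 WS-031 updater.exe GET cdn.example.net 310
"""

ARCHIVE_EXT = (".zip", ".rar", ".7z")  # assumption: the article does not name the archive format
BROWSERS = {"firefox.exe", "chrome.exe", "iexplore.exe"}  # user-driven uploads are out of scope
WINDOW = timedelta(minutes=10)  # assumed gap between staging and upload

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S")

def temp_archives(text):
    """Yield (time, host, process, path) for archives written under a Temp folder."""
    for line in text.splitlines():
        ts, host, proc, path = line.split(None, 3)
        p = path.lower()
        if "\\temp\\" in p and p.endswith(ARCHIVE_EXT):
            yield parse_ts(ts), host, proc, path

def find_exfil(file_text, proxy_text, domain="sendspace.com"):
    """Alert when a non-browser process POSTs to the file host soon after an archive is staged."""
    staged = list(temp_archives(file_text))
    alerts = []
    for line in proxy_text.splitlines():
        ts, host, proc, method, dest, sent = line.split()
        if method != "POST" or proc.lower() in BROWSERS:
            continue
        if not (dest == domain or dest.endswith("." + domain)):
            continue
        t = parse_ts(ts)
        for ft, fhost, _fproc, path in staged:
            if fhost == host and timedelta(0) <= t - ft <= WINDOW:
                alerts.append({"host": host, "process": proc, "archive": path, "bytes_sent": int(sent)})
    return alerts

if __name__ == "__main__":
    for alert in find_exfil(FILE_EVENTS, PROXY_EVENTS):
        print(alert)
```
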