This year we have already reported several cases of abuse of Dropbox to host malware and of Bit.ly as a shortener that conceals the real address of the malware:
Trojan spreads using Windows Live/Hotmail accounts and abuses Dropbox.com
http://blog.segu-info.com.ar/2011/05/troyano-se-propaga-usando-cuentas-de.html
Phishing with Trojan hosted on DropBox.com
http://blog.segu-info.com.ar/2011/03/phishing-con-troyano-alojado-en.html
Number of malware downloads from shorteners
The malicious mail that arrives is this:
It can be seen that the link to the supposed attached voucher, Deposito14122011.doc, is actually a link from the Bit.ly shortener, http://bitly.com/u[DELETED]E, which leads to http://dl.dropbox.com/u/5[DELETED]5/Deposito14122011.zip. That file is banking malware, as we checked in VirusTotal, where it is detected by barely 2 of 43 antivirus engines, that is, by practically none. 12 hours after the complaint made by Segu-Info, the abused resources are still active. This shows that even companies like Bit.ly and Dropbox are not living up to their responsibility.
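A mail-filter style check for the mismatch described above, as an added example (not code from Segu-Info): it flags anchors whose visible text is a file name while the href goes to a shortener, lands on public file hosting, or serves a different file type. The host lists, the `audit_links` name, the sample HTML and the placeholder URL paths are assumptions constructed for illustration.

```python
import posixpath, re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed host lists for illustration; maintain your own from mail telemetry.
SHORTENERS = {"bit.ly", "bitly.com"}
FILE_HOSTS = {"dl.dropbox.com"}
FILENAME_RE = re.compile(r"^[\w.\- ]+\.(docx?|pdf|xlsx?|zip)$", re.I)
# Constructed sample: message body and the shortener's redirect target.
SAMPLE_HTML = ('<p><a href="http://bitly.com/EXAMPLE">Deposito14122011.doc</a></p>'
               '<p><a href="https://example.org/report.pdf">report.pdf</a></p>')
SAMPLE_RESOLVED = {"http://bitly.com/EXAMPLE": "http://dl.dropbox.com/u/0000000/Deposito14122011.zip"}

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html, resolved=None):
    """Flag file-name anchors; `resolved` maps short URL -> final URL (looked up out of band)."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        if not FILENAME_RE.match(text):
            continue  # link text does not pose as an attachment
        reasons = []
        if urlparse(href).hostname in SHORTENERS:
            reasons.append("file name links to a URL shortener")
        final = urlparse((resolved or {}).get(href, href))
        if final.hostname in FILE_HOSTS:
            reasons.append("target is public file hosting")
        shown, served = (posixpath.splitext(p)[1].lower() for p in (text, final.path))
        if served and served != shown:
            reasons.append(f"extension mismatch: {shown} shown, {served} served")
        if reasons:
            findings.append((text, href, reasons))
    return findings
```

Each reason is a heuristic signal rather than a verdict, so the returned list is best fed into scoring or quarantine review.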
On the other hand, the Bit.ly statistics for that link show almost 1500 clicks to that address in the last 24 hours, which indicates that we must continue to alert and educate people about these tricks used by criminals and about the prudent use of the Internet.
Update 16/12, 10:00: the malicious file seems to have been updated, and the current one is detected by 15/43 AV engines in VT, where it is identified as a banking Trojan.
Update 16/12, 10:20: the Bit.ly link has been marked as dangerous, 24 hours after the complaint was made. The malicious file on Dropbox is still online.