A screenshot of the mail looks like this:

Subject: {first name surname}:{serial time and number}
Estou te passando, mas nao mostre a ninguem [I'm passing this on to you, but don't show it to anyone]
Please. Vai zipado com senha viu!! [Please. It's zipped with a password, OK!!]
Senha do Zip: 102030 [Zip password: 102030]
..
Baixar Zip 212 KB [Download Zip 212 KB] <--link to http://dl.dropbox.com/[edit]/View.zip?....
[edit].ar:00:03:26:6830051160[edit]361

As you can see in the screenshot, the interesting detail in this case is that the link points to Dropbox.com, a free service for saving and sharing files. There the criminals have hosted the Trojan with the name Visualize.zip.
By using a dropbox.com link, the offender bypasses email filtering that relies on the link's reputation. The same is achieved with well-known shorteners such as bit.ly or tinyurl.
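A filter can narrow this gap by scoring what a link delivers instead of who hosts it. The sketch below is an added example, not code from Segu-Info: the host list, the scoring and the sample bodies are assumptions, and the URL path uses a placeholder where the article elides it.

```python
import re
from urllib.parse import urlparse

# Services with a good reputation of their own (the ones the article names);
# a reputation-only filter lets links to them through.
TRUSTED_HOSTING = {"dropbox.com", "bit.ly", "tinyurl.com"}
ARCHIVE_EXT = (".zip", ".rar", ".7z")
URL_RE = re.compile(r"https?://[^\s<>\"]+", re.I)
# A password word followed on the same line by a run of digits, e.g. "Senha do Zip: 102030".
PASSWORD_HINT = re.compile(r"\b(senha|password|contrase[nñ]a)\b[^\n]{0,20}?\d{4,}", re.I)

def base_domain(host):
    """Last two labels of the host (naive, sufficient for the hosts listed above)."""
    return ".".join(host.lower().split(".")[-2:])

def score_message(body):
    """Return (score, reasons) for a plain-text mail body; one point per reason."""
    reasons = []
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if base_domain(host) in TRUSTED_HOSTING:
            reasons.append(f"link to file hosting/shortener: {host}")
            if parsed.path.lower().endswith(ARCHIVE_EXT):
                reasons.append(f"archive download: {parsed.path.rsplit('/', 1)[-1]}")
    if PASSWORD_HINT.search(body):
        reasons.append("archive password given in the body")
    return len(reasons), reasons

# Constructed samples: the lure text from the article with a placeholder URL path,
# an ordinary internal link, and a shared document with no archive or password.
LURE = """Estou te passando, mas nao mostre a ninguem
Please. Vai zipado com senha viu!!
Senha do Zip: 102030
Baixar Zip 212 KB http://dl.dropbox.com/PLACEHOLDER/View.zip?x=1
"""
BENIGN = "Minutes are here: https://intranet.example.org/docs/minutes.pdf\n"
SHARED_DOC = "Slides: https://dl.dropbox.com/PLACEHOLDER/slides.pdf\n"

if __name__ == "__main__":
    for name, body in (("lure", LURE), ("benign", BENIGN), ("shared doc", SHARED_DOC)):
        score, reasons = score_message(body)
        print(f"{name}: score={score} {reasons}")
```

A message scoring 3 combines all three signals and is a candidate for quarantine; a score of 1, as for an ordinary shared document, is not suspicious on its own.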
The malware in question is detected, at least by Kaspersky, as Trojan.Win32.VBKrypt. Once the PC is infected, every time the user connects to the Windows Live/Hotmail webmail, it sends a message like the one described to the contacts of that email account, without the PC user noticing.
According to the reports received, many people fall for the deception when they see that the mail comes from someone they know. As you can see, it spreads among the contacts of known people.
It should be clarified that so far we are not aware of any Hotmail or Windows Live vulnerability being exploited; the criminals have simply managed to detect the connection to Hotmail and abuse it to send malicious messages without the owner of the account noticing.
From Segu-Info we have already reported the problem to Dropbox.com, and in less than an hour they confirmed the cancellation of the file and the user:

Kevin - Dropbox Support, May-06 01:46 pm (PDT):
This user has been banned for Terms of Service violation.
Thanks for bringing this to our attention.
Best
Kevin

To avoid these types of problems, just keep in mind these simple tips:
• If an email has an unusual subject, do not open it.
• If the email is from a stranger, do not open it.
• If the email comes with unsolicited or unexpected attachments or links, don't open them even if it comes from someone you know.
• If the mail comes in a language other than the usual one, do not open it.
• If you are curious to see what it is, resist and a problem will be avoided.
Raúl, from the Segu-Info editorial team

