Security vendor Symantec recently noticed spammers abusing Dropbox, the popular cloud-based file-hosting and synchronization tool, to spread spam.
Dropbox accounts have a public folder where files can be placed and made publicly available. This function is useful to spammers, as it effectively turns Dropbox into a free hosting site. Symantec said that spammers had abused URL shortening and free hosting sites for some time. Dropbox also provides a URL shortening service, which spammers had also abused.
Spammers had created several Dropbox accounts, uploading an image and a simple .html file and then using the image to link to a pharmaceutical site. Following this link took users to a "Canadian Health & Care Mall" site.
Symantec saw over 1,200 unique Dropbox URLs being used in spam over a 48-hour period. The security firm has informed Dropbox, providing it with the full list of URLs.
"In fact, Dropbox is being abused by malware authors, as well as spammers," said Nick Johnston, a senior software engineer at Symantec. "We recently saw a Brazilian Portuguese malware message claiming to contain photos and asking if they can be put onto a popular social networking site. The links in the email point to a Trojan hosted on Dropbox. The link text is crafted to look like image file names similar to what many digital cameras would use," he added.
This abuse is a good reminder that any site which makes user-supplied content publicly available must remain vigilant about dealing with abuse. Although Dropbox is a high-profile site, spammers target all sorts of sites, big and small. There are many things that sites can do to deal with such abuse, but this crucial work is often seen as a low priority, despite the damage that such abuse can cause. Dropbox, however, assured us that "they care about their users' security and experience above all else."