
Sunday, July 14, 2013
Dropbox, WordPress Used To Spread Malware


Increased focus on sophisticated threats by enterprise security teams is driving threat groups to adopt unconventional targeting and exploitation techniques, using infrastructure borrowed from trusted parties to carry out malicious exploitation activities.

The attackers are simply repurposing seemingly benign Service Profile Infrastructure (SPI) to ensure additional survivability of their exploitation operations, knowing all the while that most enterprises are unable to inspect high-volume web traffic or mitigate traffic to such services. As an example, a Chinese threat group has been observed by Cyber Squared staging a malicious document containing a custom backdoor that interacts with WordPress, then delivering it via Dropbox. In doing so, the attackers did not have to compromise the "easy to mitigate" midpoint infrastructure that has previously been seen in traditional targeted attacks, such as SMTP relay servers or web servers.

The Chinese cyberspies behind the espionage campaign against The New York Times had also used Dropbox and WordPress.

The 'DNSCalc gang' has been using the Dropbox file-sharing service for roughly the last 12 months as a mechanism for spreading malware, said Rich Barger, chief intelligence officer for Cyber Squared.

The gang is among 20 Chinese groups identified this year by security firm Mandiant that launch cyberattacks against specific targets to steal information.

The attackers did not exploit any vulnerabilities in Dropbox or WordPress. Instead, they opened accounts and used the services as their infrastructure. They uploaded to Dropbox a .ZIP file disguised as belonging to the U.S.-ASEAN Business Council. Messages were then sent to people or agencies that would be interested in the draft of a Council policy paper. The paper contained in the file was legitimate.

When a recipient unzipped the file, they saw another one that read, "2013 US-ASEAN Business Council Statement of Priorities in the US-ASEAN Commercial Relationship Policy Paper.scr." Clicking on the file would launch a PDF of the document, while the malware opened a backdoor to the host computer in the background.
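A mail or download gateway can catch this kind of lure by looking inside ZIP files for members that Windows would run as programs. The check below is an added example, not code from the article or from Cyber Squared; the extension list, the lure word list and the sample archive are constructed assumptions.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows treats as programs; a .scr screensaver is an ordinary executable.
EXEC_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".lnk"}
# Constructed word list: terms that make a file name read like a document.
LURE_WORDS = ("paper", "statement", "report", "draft", "agenda", "invoice")


def inspect_zip(data: bytes) -> list:
    """Return a finding for each archive member that would run as a program."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces when resolving the extension.
            name = PurePosixPath(info.filename.replace("\\", "/")).name.rstrip(". ")
            ext = PurePosixPath(name).suffix.lower()
            is_pe = False
            if not info.flag_bits & 0x1:  # encrypted members cannot be read here
                with zf.open(info) as member:
                    is_pe = member.read(2) == b"MZ"  # DOS/PE header magic
            reasons = []
            if ext in EXEC_EXTS:
                reasons.append("executable_extension")
                if any(word in name.lower() for word in LURE_WORDS):
                    reasons.append("document_lure_name")
            elif is_pe:
                reasons.append("pe_content_under_other_extension")
            if reasons:
                findings.append({"name": name, "pe_header": is_pe, "reasons": reasons})
    return findings


def build_sample() -> bytes:
    """Constructed archive: the lure file name from the article plus a harmless file."""
    lure = ("2013 US-ASEAN Business Council Statement of Priorities in the "
            "US-ASEAN Commercial Relationship Policy Paper.scr")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(lure, b"MZ" + b"\x00" * 62)  # placeholder bytes, not a real program
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_zip(build_sample()))
```

Password-protected members are reported on their extension alone, since their content cannot be read without the password.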

Once the door was open, the malware would reach out to a WordPress blog created by the attackers. The blog contained the IP address and port number of a command and control server that the malware would contact to download additional software.

The best prevention is for security pros to share information when their companies are targeted, so others can draw up their own defense.

