Thursday, February 9, 2012

Trojan rounds up and steals Word and Excel docs

Malware Uses Sendspace to Store Stolen Documents

Beware of bogus FedEx emails asking you to review a shipment notification - the attached Fedex_Invoice.exe is actually a downloader Trojan that opens you computer to other pieces of malware.

In this particular case spotted by Trend Micro researchers, it downloads and executes a Trojan that searches for and snatches MS Word and Excel documents from the infected machine.

"The collected documents are then archived and password-protected using a random-generated password in the user’s temporary folder," they share. And after creating the archive, it sends it to sendspace.com, a file hosting service that allows its users to send, receive, track and share files.

Once the archive is uploaded, the malware retrieves the Sendspace download link, and then sends it to the C&C server operated by the crooks along with the password needed to open it.

This is not the first time that Sendspace has been used by cyber thieves to store stolen data, and the same can be said for other free online hosting services.

Unfortunately, the criminals have realized that these legitimate services allow them to forgo the need of operating their own drop zones.

No comments: