No matter where you stand on online piracy, music- and movie-copyright issues and the recent Megaupload bust, it's well known that file-sharing sites offer convenient safehouses for storing and disseminating malware. A new Trojan that automatically uploads its stolen cache to SendSpace adds another worrisome wrinkle into the fabric of the online file-sharing world.
If you browse SendSpace, there's a chance you might come across Microsoft Word and Excel files stolen directly from victims' computers and put up for grabs. A new, sophisticated Trojan, identified by the security firm Trend Micro as "Tspy_Spcesend.A." may be the culprit behind the pilfered documents and spreadsheets.
Like Megaupload, RapidShare, The Pirate Bay, MediaFire and countless other file-sharing sites, SendSpace allows users to host, send and receive large files. Like its brethren, SendSpace has in the past been used by cybercrooks as a dumping site for stolen data.
The new Spcesend Trojan first targets potential victims with a rigged file labeled "Fedex_Invoice.exe," designed to pass as a FedEx shipment notification. Once downloaded, the fake FedEx file triggers Spcesend, which scans the system for Microsoft Word and Excel files.
After finding and harvesting your private files, "The collected documents are then archived and password-protected," Trend Micro's Roland Dela Paz explained. The files are stored in the user's temporary folder, and that folder is then sent to SendSpace, and the link (including a password to unlock the stolen files) is sent to a command-and-control server run by the cybercriminals.
In the end, SendSpace, by virtue of its design, aids the entire process.
"Malware utilizing free online services are definitely not unheard of," Dela Paz wrote. "Utilizing a public file hosting site is yet another clever way for cybercriminals to store stolen data as they do not need to set up a server that will store large amount[s] of data."
Before you download anything on SendSpace or any other file-sharing site, make sure you run it though an anti-virus software screen to detect if it's harboring any corrupt code that can harm your computer. If you have a Mac or Linux computer, use it to download files, as these operating systems are traditionally less vulnerable than Windows PCs.