{"id":3106,"date":"2013-08-05T10:00:10","date_gmt":"2013-08-05T14:00:10","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=3106"},"modified":"2013-08-05T10:00:10","modified_gmt":"2013-08-05T14:00:10","slug":"attackers-reported-seeding-cloud-services-with-malware","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/05\/attackers-reported-seeding-cloud-services-with-malware\/","title":{"rendered":"Attackers reported seeding cloud services with malware"},"content":{"rendered":"

\"\"<\/a><\/p>\n

LAS VEGAS — Malware writers are ramping up their use of commercial file hosting sites and cloud services to distribute malware programs, security researchers said at this week’s Black Hat conference here.
\nTraditionally, malware writers had distributed their malicious code from their own sites.
\nBut as security vendors get better at detecting and blacklisting those sites, hackers are increasingly distributing their malware products from legitimate host sites. The technique has been used a bit for more than two years, but now appears be gaining steam, researchers said. (See also “When malware strikes: How to clean an infected PC.”
\nDodging the blacklist
\nOften, the owners of legitimate sites fail to properly scan the content they are hosting, which allows attackers to furtively post malicious code with relative ease, said Michael Sutton, vice president of research at ZScaler, a provider of cloud-based security services for enterprises.
\nMalicious content distributed from a legitimate site is more likely to make it past corporate defenses. Vendors are also unlikely to blacklist a legitimate hosted service, allowing malicious content hosted on one to stay up longer, he said.
\ndefcon
\nZscaler said he’s heard reports of malicious files hosted on Dropbox, but the they appear to have been removed, the blog noted.
\nSutton pointed to recent incidents were attackers posted and distributed malicious code on Google Code and Dropbox as an example of the trend. A blog on Zscaler’s website lists nearly three dozen malicious files hosted on the Google Code site, which contains tools for software developers.
\nThe message for IT managers: Don’t blindly trust domains that seem to be secure, Sutton said.
\n“Attackers are starting to leverage hosting services” to stage malicious code, he said. “It used to be that [attackers] would set up their own servers,” to host malware. “Then we saw them infecting legitimate third-parties. Now they are using hosting services. They are no longer paying for hosting [malware] and are less likely to get blacklisted.”
\nIncreased infections noted
\nMeanwhile, Firehost, a provider of cloud-hosting services for enterprises, has seen an increase in Web application attacks originating from the networks of legitimate Web hosting services, said CEO Chris Drake.
\nIn its latest quarterly security review, Firehost observed a noticeable increase in the number of SQL injection attacks, directory traversal attacks and other Web application attacks launched from within cloud service provider networks, Drake said.
\nCloud providers often have weak validation procedures when signing up new customers, allowing attackers to create accounts with fake information. The accounts are then used to deploy and administer powerful botnets that run in the cloud infrastructure, he said.
\nIn the second quarter of 2013, the IP filtering system that Firehost uses to protect its customers against malicious attacks blocked about 1.3 million unique attacks. Of the total, a noticeable number of attacks originated from IP addresses belonging cloud services companies, Drake said.
\nvia Attackers reported seeding cloud services with malware | PCWorld<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

LAS VEGAS — Malware writers are ramping up their use of commercial file hosting sites and cloud services to distribute […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[6,7],"tags":[201,307,655],"class_list":["post-3106","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","tag-cloud","tag-dropbox","tag-malware"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-O6","jetpack-related-posts":[{"id":7570,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/02\/05\/malicious-advertisements-on-major-sites-compromised-many-many-pcs\/","url_meta":{"origin":3106,"position":0},"title":"Malicious advertisements on major sites compromised many, many PCs","author":"NCCT","date":"February 5, 2015","format":false,"excerpt":"Attackers who have slipped malicious advertisements onto major websites over the last month have potentially compromised large numbers of computers. Several security vendors have documented attacks involving malicious advertisements, which automatically redirect victims to other websites or pages that silently attack their computer and install malware. \u201cWe certainly see malvertising\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6833,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/11\/12\/ios-security-hole-allows-attackers-to-poison-already-installed-iphone-apps\/","url_meta":{"origin":3106,"position":1},"title":"iOS security hole allows attackers to poison already installed iPhone apps","author":"NCCT","date":"November 12, 2014","format":false,"excerpt":"Security researchers have warned of a security hole in Apple's iOS devices that could allow attackers to replace legitimate apps with booby-trapped ones, an exploit that could expose passwords, e-mails, or other sensitive user data. The \"Masque\" attack, as described by researchers from security firm FireEye, relies on enterprise provisioning\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=350%2C200 1x, https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/11\/masque-attack-example-640x613.jpg?resize=525%2C300 1.5x"},"classes":[]},{"id":5916,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/07\/08\/attack-on-dailymotion-redirected-visitors-to-exploits\/","url_meta":{"origin":3106,"position":2},"title":"Attack on Dailymotion redirected visitors to exploits","author":"NCCT","date":"July 8, 2014","format":false,"excerpt":"Attackers injected malicious code into Dailymotion.com, a popular video sharing website, and redirected visitors to Web-based exploits that installed malware. The rogue code consisted of an iframe that appeared on Dailymotion on June 28, researchers from security vendor Symantec said Thursday in a blog post. The iframe redirected browsers to\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3197,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/19\/malware-hijacks-mobile-ad-networks-to-siphon-money\/","url_meta":{"origin":3106,"position":3},"title":"Malware hijacks mobile ad networks to siphon money","author":"NCCT","date":"August 19, 2013","format":false,"excerpt":"Asian cybercriminals have figured out an unusual way to use the architecture of a mobile ad network to siphon money from their victims. The new method represents another step in the evolution of mobile malware, which is booming with more smartphones shipping than PCs. Mobile ad networks open up the\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8453,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/07\/07\/zeusvm-malware-building-tool-leak-may-cause-botnet-surge\/","url_meta":{"origin":3106,"position":4},"title":"ZeusVM malware building tool leak may cause botnet surge","author":"NCCT","date":"July 7, 2015","format":false,"excerpt":"The Internet could see a new wave of botnets based on the ZeusVM banking Trojan after the tools needed to build and customize the malware program were published online for free. The source code for the builder and control panel of ZeusVM version 2.0.0.0 was leaked sometime in June, according\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6294,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/27\/research-team-creates-undetectable-malware-bound-to-legitimate-software-downloads\/","url_meta":{"origin":3106,"position":5},"title":"Research team creates undetectable malware bound to legitimate software downloads","author":"NCCT","date":"August 27, 2014","format":false,"excerpt":"Most cyber attacks from your typical home hacker, come by way of techniques used 10 years ago or more like phishing scams, poor password management, and things of that nature. But now it seems as though a research team from Germany has developed on all new strain of malware. The\u2026","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/3106","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=3106"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/3106\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=3106"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=3106"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=3106"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}