Possibility of malware spreading over Dropbox

Posted: December 13, 2010 in IT

##################################################
#                                                #
#  Possibility of spreading malware with Dropbox #
#                                                #
##################################################

————————————–
–1) About Dropbox

–2) How the Dropbox Client works

–3) Distribute malware

–4) Mobile Devices

–5) Links
————————————–

—————–
–1 About Dropbox
—————–

Dropbox is a file hosting service designed to back up any files. Account credentials consist of an email address and a password. Dropbox also provides a client for the major operating systems (Windows, Mac OS X, Linux and mobile devices like iPhone, Blackberry, Android and iPad) which makes uploading and downloading files to and from an account easier. On Dropbox, people can create a folder and share it with other people who are also registered with the service.

——————————–
–2 How the Dropbox client works
——————————–

If someone uploads a file to a shared folder, the other members’ clients automatically download the file and notify the user with a message in the task bar. Members who don’t use the client are notified the next time they log in to Dropbox.

————————————
–3 One way of distributing malware
————————————

An attacker could obtain the account credentials (MITM, credential harvesting using SET or a trojan, …) of someone who is a member of a shared folder. After uploading the malware, social engineering could help the attacker get the victim to open the new file in the victim’s Dropbox folder:

–   changing the file name
–   sending the other account an email (since the username = email) asking them to take a look at the new holiday pictures or whatever

Writing a bot could speed this up, since files in the specific Dropbox folder (i.e. /home/<user>/Dropbox) are uploaded automatically after they are copied into the folder.

Under Linux the configuration files are located in ~/.dropbox, and the user credentials (at least the username) are stored in ~/.dropbox/dropbox.db. They are only base64-encoded, which is an encoding and not encryption, so they can easily be displayed with a simple command:

sqlite3 ~/.dropbox/dropbox.db "select * FROM config WHERE key='email'" | awk 'BEGIN {FS = "|"} {print $3}' | base64 -d | grep @ | sed 's/^.//'
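Because the values in dropbox.db are only base64-encoded, file permissions are the only thing protecting them from other local accounts. The following audit is an added example, not code from the original post or from Dropbox: it flags group/other access on the database and its directory and lists the config keys whose values decode to readable text. The `config` table and `key` column come from the command above; the three-column sample layout and the sample email address are constructed assumptions.

```python
import base64, binascii, os, sqlite3, stat, tempfile

def is_base64_text(value):
    """True if value base64-decodes to printable bytes, i.e. it is not encrypted."""
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return False
    return bool(raw) and all(32 <= b < 127 or b in (9, 10, 13) for b in raw)

def audit_dropbox_db(db_path):
    """Return findings for the client database and the directory holding it."""
    findings = []
    db_path = os.path.abspath(db_path)
    # With no encryption, file permissions are the only barrier to local readers.
    for path in (os.path.dirname(db_path), db_path):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(f"{path}: mode {mode:o} grants access to group/other")
    con = sqlite3.connect(db_path)
    try:
        # 'config' and 'key' come from the page's command; the value is read from
        # the third column of the table, as the page's awk '{print $3}' does.
        rows = con.execute("SELECT key, * FROM config").fetchall()
    finally:
        con.close()
    keys = [str(r[0]) for r in rows if len(r) > 3 and is_base64_text(r[3])]
    if keys:
        findings.append(f"{db_path}: base64-only (readable) values for keys: "
                        + ", ".join(keys))
    return findings

if __name__ == "__main__":
    # Constructed sample database; the three-column layout is an assumption.
    folder = tempfile.mkdtemp()
    db = os.path.join(folder, "dropbox.db")
    con = sqlite3.connect(db)
    con.execute("CREATE TABLE config (id INTEGER PRIMARY KEY, key TEXT, value TEXT)")
    con.execute("INSERT INTO config (key, value) VALUES (?, ?)",
                ("email", base64.b64encode(b"user@example.com").decode()))
    con.commit()
    con.close()
    os.chmod(db, 0o644)  # deliberately loose, so the audit has something to report
    for finding in audit_dropbox_db(db):
        print(finding)
```

Tightening the directory to 0700 and the file to 0600 clears the permission findings; the base64 finding remains because it reflects how the values are stored.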

——————
–4 Mobile Devices
——————

This would also be a very fast way to distribute malware on mobile devices, since most mobile phones today are constantly connected to the internet. A recently published post reported that about 1 million cell phones in China are infected by a virus.

———
–5 Links
———

Dropbox -> http://dropbox.com

SET -> http://secmaniac.com

Post: 1 million cellphones in China affected by Virus -> http://www.virusbtn.com/news/2010/11_11.xml

credit to group51
