Dropbox has hit back at the hackers behind a recent phishing campaign designed to infect its users with a Zeus-family malware by trying to disrupt their campaign.
The new Zeus campaign was uncovered by cloud security provider Appriver, which reported discovering a bogus password reset email targeting Dropbox customers. The email messages contained a malicious link to a Dropbox file that, when clicked, infects the victim's machine with a Zeus-family malware.
Following its discovery, a Dropbox spokesperson told V3 that the company is aware of the scam and has already investigated and taken action to disrupt the attack.
"This is similar to other email spam campaigns that have spoofed well-known brands to distribute malware. We've investigated and taken action to disrupt this campaign," read the statement.
The spokesperson said users should remain extra vigilant and double check the origin of any email claiming to be from Dropbox before opening it.
"In addition, we urge people to exercise caution with unexpected emails. For example, check the destination of links in emails before clicking on them, verify the email directly with the sender's actual website or support channels, and use up-to-date antivirus software."
At the time of publishing Dropbox had not responded to V3's request for more detail on the specific action it has taken to combat the phishing campaign.
F-Secure security analyst Sean Sullivan said Dropbox was probably trying to flush the malicious files from its systems. "The phishing campaign emails point to Dropbox files, hosted on compromised accounts - or else to accounts set up deliberately by the spammers. I'm sure the Dropbox folks are analysing the IP addresses associated with logins, and are killing other fake accounts set up from the same sources," he said.
"If it looks like the accounts were compromised, their network guys are probably trying to develop some pattern ‘signatures' that would alert them to new phishing-like activity, which would then trigger an account suspension. Outside of that it's a game of whack-a-mole. They could report the phishers' IP addresses to local CERT teams - but there would be little to follow up on as they are almost certainly proxies."
Trend Micro security research vice president Rik Ferguson added that the ability to stop phishing in the first place is almost impossible and that major online firms have to just react as best they can.
"It seems this is just them [Dropbox] saying ‘we've heard that some spam is doing the rounds, abusing the Dropbox brand, distributing malware, don't click it'. To be honest, any company is a victim or a potential victim of this kind of abuse - it's the price of fame," he told V3.
Security firm Kaspersky Lab estimates hackers are hitting the UK with an average of 3,000 phishing messages every day. UK law enforcement has mounted a series of ongoing anti-cyber crime campaigns to help combat the scams. Earlier in October an investigation led by the UK's National Crime Agency resulted in the arrest of a cyber criminal responsible for a £750,000 plot to defraud the financial sector.