DropSmack: Using Dropbox Maliciously

I found an interesting article on TechRepublic, “DropSmack: Using Dropbox to steal files and deliver malware.”

Given that 50 million people are using Dropbox, it surely looks like an inviting attack vector for cyber adversaries. Jacob Williams (@MalwareJake) seems to have developed malware, DropSmack, to embed in a Word file already synchronized by Dropbox to infect an internal endpoint and provide Command & Control communications.

What technical control do you have in place that would detect and block DropSmack? A network security product would have to be able to decode application files such as Word, Excel, PowerPoint, PDF, and then detect the malware and/or anomalies embedded in the document.

Can you prevent Dropbox from being used in your organization? Should you? What about other file sharing applications?

Anonymous, Decentralized and Uncensored File-Sharing is Booming | TorrentFreak

Despite efforts to curb file-sharing, it’s booming. New file-sharing apps have been developed that are harder for enterprises to control.

The file-sharing landscape is slowly adjusting in response to the continued push for more anti-piracy tools, the final Pirate Bay verdict, and the raids and arrests in the Megaupload case. Faced with uncertainty and drastic changes at file-sharing sites, many users are searching for secure, private and uncensored file-sharing clients. Despite the image its name suggests, RetroShare is one such future-proof client.

If your Next Generation Firewall uses a Positive Control Model and monitors all 65,535 ports all the time, you do not have to worry about these new file-sharing products because they will be blocked as unknown applications. Of course, before you go into production, you must investigate all of the unknown apps to ensure that all business-required apps are identified, defined, and allowed by policy.

‘Cyberlockers’ present new challenges to music industry

PaidContent.org published an interesting article yesterday entitled, How ‘Cyberlockers’ Became The Biggest Problem In Piracy.

PaidContent uses the term “cyberlocker” to refer to browser-based file sharing applications, which pose a new challenge to the music industry’s efforts to thwart illegal sharing of music, aka piracy.

The article highlights some of the better known applications like RapidShare, Hotfile, Mediafire, and Megaupload. It also points out that Google Docs qualifies as a cyberlocker, although it’s used mostly for Word and Excel documents.

What the article fails to mention is the amount of malware lurking in these cyberlockers. The file you download may be the song you think it is, or it may be a trojan.

Palo Alto Networks, the Next Generation Firewall manufacturer, has the statistics to corroborate PaidContent’s claim that browser-based file sharing is growing rapidly.

Palo Alto Networks’ Applipedia identifies 141 file sharing applications, of which 65 are browser-based.

Any organization which has deployed Palo Alto Networks can control the use of browser-based file sharing with the same ease as the older peer-to-peer file sharing applications.

Furthermore, if you configure Palo Alto to block the “file sharing” sub-category of applications, not only will all of the known file sharing applications be blocked, but any newly discovered ones will also be blocked. However, there are valid business use cases for using a file sharing application. Therefore, you would want an exception for the one you have selected.
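The sub-category block with one exception, combined with the Positive Control Model described earlier, can be modelled in a few lines. This is an added example, not Palo Alto Networks configuration syntax or code from any of the cited articles; the catalogue, rule names, first-match ordering and the choice of Dropbox as the approved application are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed application catalogue (name -> sub-category); not vendor data.
APP_CATALOG = {
    "dropbox": "file-sharing",
    "rapidshare": "file-sharing",
    "megaupload": "file-sharing",
    "web-browsing": "internet-utility",
    "smtp": "email",
}

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                        # "allow" or "deny"
    app: Optional[str] = None          # match one named application
    subcategory: Optional[str] = None  # match every app in a sub-category

    def matches(self, app, subcat):
        if self.app is not None:
            return self.app == app
        return self.subcategory is not None and self.subcategory == subcat

# Assumption of this model: rules are checked top-down and the first match wins,
# so the exception must sit above the sub-category block.
POLICY = [
    Rule("approved-file-share", "allow", app="dropbox"),
    Rule("block-file-sharing", "deny", subcategory="file-sharing"),
    Rule("business-web", "allow", app="web-browsing"),
    Rule("business-mail", "allow", app="smtp"),
]

def evaluate(app, policy=POLICY, catalog=APP_CATALOG):
    """Return (action, rule name) for one application seen on the wire."""
    subcat = catalog.get(app)
    if subcat is not None:             # identified application
        for rule in policy:
            if rule.matches(app, subcat):
                return rule.action, rule.name
    # Positive control: unidentified or unmatched traffic is never allowed.
    return "deny", "default-deny"

def audit_unknown(observed, catalog=APP_CATALOG):
    """Pre-production review: observed applications that have no definition yet."""
    return sorted({a for a in observed if a not in catalog})

if __name__ == "__main__":
    for name in ("dropbox", "rapidshare", "retroshare", "smtp"):
        print(name, evaluate(name))
```

Once an application such as RetroShare is added to the catalogue under "file-sharing", the existing sub-category rule blocks it with no policy change; swapping the first two rules silently denies the approved application as well.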

Finally, should you choose to allow a file sharing application, Palo Alto will provide protection against malware.