Earlier in the week the team Dropbox announced that the feature to generate links to download files in any folder – not just the public, for this kind of sharing – would be released for all users. Some already had, especially those who subscribe to Dropbox package for companies. But now everyone has. Today we received the email contact our site a sample of misuse of the feature.
Who has not received a billing message of which the company never heard of, right? This is called phishing. They try to trick you to get your data or through false pages financeireas institutions or installing some malware on your machine. For this, use links sometimes vested in unfamiliar areas.
Or not. Now, they can use Dropbox, a service recognized especially in the middle geek, to disseminate these problematic files.
We received the message with a supposed way of collection that leads to a .zip file hosted by Dropbox. When you download and open the .zip file, I found that it is an .exe that I dared not run or extract the compressed file to see what it is.
This hypothesis was raised by some Internet observers: Dropbox with open links would create a phenomenon similar to Megaupload, with pirated files circulating freely. The terms of Dropbox service clearly say “xô” for pirateiros. Still, anyone who doubts that this might actually happen?
Similarly, malicious users now have another repository where host vested files that are used to infect machines and steal data.
We got in touch with Dropbox to know how they will proceed with respect to this type of use of the service. We publish a response when – and if – it arrives.