- Apr 25, 2013
- 5,355
UPSTART SERVICE PROVIDER Microsoft's Onedrive cloud storage service, which was named Skydrive until very recently, is hosting malware that attacks users via a fake flash player update, security firm Malwarebytes has warned.
Detected as Trojan.Agent.AI and named "Neutrino", the malware arrives as a downloaded binary file that's a payload from the Neutrino Exploit Kit delivered through a Java exploit.
Malwarebytes said that apparently it is detected by nine out of 10 antivirus vendors' products listed by virus scanning vendor Virustotal.
"Recently I found a downloader collected from our honeypot that appears to be a Fake Flash Player installer," said Malwarebytes intelligence analyst Joshua Cannell.
"These type of programs usually deliver malware and are very successful at making people believe they're installing or updating the real Flash Player."
The first request sets up a secure connection over SSL and then redirects the victim to the download location.
The file retrieved is called "flashplayer2.exe". This file is executed and then the downloader is deleted.
When the file runs, it contacts a Skydrive, er, Onedrive URL and presents a dialog that says it's installing Flash Player, and then says, "Installation Finished!" if everything goes well.
"I visited the download server multiple times, and managed to get different samples, each with their own icon (including a creepy skull). This means the samples stored on the [Onedrive] folder are constantly being updated," Cannell added.
"To be fair to Microsoft, this isn't the only instance where cloud storage has been used for bad things."
Last November Malwarebytes reported a malicious script that was hosted on Google Drive, and similar things have happened with Dropbox.
"It appears more security measures need to be into place to prevent various malicious files and programs from being uploaded to cloud storage services," Cannell said.
Microsoft renamed its Skydrive cloud storage service Onedrive on Monday following a legal dustup with Bskyb.
Microsoft announced the news in a blog post on its recently launched Onedrive.com domain, where a holding webpage promises that Microsoft will soon launch the renamed cloud storage service that now ties in with its Xbox One branding.
Detected as Trojan.Agent.AI and named "Neutrino", the malware arrives as a downloaded binary file that's a payload from the Neutrino Exploit Kit delivered through a Java exploit.
Malwarebytes said that apparently it is detected by nine out of 10 antivirus vendors' products listed by virus scanning vendor Virustotal.
"Recently I found a downloader collected from our honeypot that appears to be a Fake Flash Player installer," said Malwarebytes intelligence analyst Joshua Cannell.
"These type of programs usually deliver malware and are very successful at making people believe they're installing or updating the real Flash Player."
The first request sets up a secure connection over SSL and then redirects the victim to the download location.
The file retrieved is called "flashplayer2.exe". This file is executed and then the downloader is deleted.
When the file runs, it contacts a Skydrive, er, Onedrive URL and presents a dialog that says it's installing Flash Player, and then says, "Installation Finished!" if everything goes well.
"I visited the download server multiple times, and managed to get different samples, each with their own icon (including a creepy skull). This means the samples stored on the [Onedrive] folder are constantly being updated," Cannell added.
"To be fair to Microsoft, this isn't the only instance where cloud storage has been used for bad things."
Last November Malwarebytes reported a malicious script that was hosted on Google Drive, and similar things have happened with Dropbox.
"It appears more security measures need to be into place to prevent various malicious files and programs from being uploaded to cloud storage services," Cannell said.
Microsoft renamed its Skydrive cloud storage service Onedrive on Monday following a legal dustup with Bskyb.
Microsoft announced the news in a blog post on its recently launched Onedrive.com domain, where a holding webpage promises that Microsoft will soon launch the renamed cloud storage service that now ties in with its Xbox One branding.
