Trojan Abuses Sendspace: A Closer Look
We recently discovered a Trojan that harvested documents on affected systems and uploaded them to the file hosting site sendspace.com. This post discusses more of our findings on this attack.

To infect users, emails disguised as shipment notifications from FedEx were mass-mailed to target victims. The email contains a downloader Trojan, which installs TSPY_SPCESEND.A. This downloader also installs other malicious executables on affected systems, including FAKEAV variants from the BestAV affiliate network and FakeHDD variants from the Yamba network. These were observed to be downloaded from compromised, legitimate websites.

Furthermore, this downloader Trojan shares the same C&C with TSPY_SPCESEND.A. This strongly suggests that the document-stealing sendspace Trojan is pushed by cybercriminals who are also involved in the Pay-Per-Sell (PPS) underground business.

Command and Control Server

After the malware uploa...