{
	"id": "3a69b398-0a8c-420e-9f09-6e18a1b32425",
	"created_at": "2026-04-06T01:31:17.277099Z",
	"updated_at": "2026-04-10T03:21:58.123451Z",
	"deleted_at": null,
	"sha1_hash": "737da4c576e7d3ef269137af55fb8c3dcb8fca2a",
	"title": "Dropbox and Similar Services Can Sync Malware",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 37905,
	"plain_text": "Dropbox and Similar Services Can Sync Malware\r\nBy David Talbot\r\nPublished: 2013-08-21 · Archived: 2026-04-06 00:23:21 UTC\r\nDropbox and similar services have exploded in popularity in recent years because users find it so convenient to\r\nsimply drag files to an icon that puts that data in the cloud, shares it with others, and automatically syncs new\r\nversions across multiple devices.\r\nBut ease of use and insecurity often go hand in hand, and now researchers are revealing an uncomfortable truth: if\r\na computer with Dropbox functionality is compromised, the synching feature allows any malware installed by the\r\nattacker to reach other machines and networks using the service. “People don’t consider that once you have\r\nDropbox configured, anything you put in the synchronization folder gets a free pass through the firewall,” says\r\nJacob Williams, a digital forensic scientist at CSR Group. “We’ve tested this on several services, and it gets data\r\nright through the firewall.”\r\nWilliams says that in recent weeks, he has been able to do this not only with Dropbox but also with competing\r\nservices: SkyDrive, Google Drive, SugarSync, and Amazon Cloud Drive. “This is like e-mail in the ’90s,” he says.\r\n“We wanted it, but with it came spam, malware command and control, and malware distribution. We just don’t\r\nhave detection and security tools to cover Dropbox and similar services yet.”\r\nNo one at Dropbox, which was founded in 2007 by Drew Houston and Arash Ferdowsi (see “Hiding All the\r\nComplexities of Remote File Storage Behind a Small Blue Box”), would comment on the matter. The service has\r\nmore than 175 million users.\r\nThe research on Dropbox and similar services adds to a litany of recent security concerns over storing data and\r\ndoing computation on remote or “cloud” servers. While such services can be better than running everything\r\nyourself (see “Being Smart about Cloud Security”), security researchers keep finding new ways to attack them\r\n(see “Security Researchers Rain on Amazon’s Cloud”). “With the increasing use of cloud-based services, these\r\nkinds of attacks are going to reappear until the platforms mature,” says Radu Sion, a computer scientist and\r\nsecurity reasearcher at Stony Brook University. “The attack here is not in fact on Dropbox but rather in the\r\npeople’s use of Dropbox. Dropbox just facilitated a channel for [infected] documents through the corporate\r\nfirewall.” He called it “a well-put-together combination of existing exploits.”\r\nWilliams stumbled onto exploiting Dropbox as an attack vector when a client asked him to test the security of a\r\ncorporate network. As a first step, unrelated to Dropbox, Williams obtained a personal e-mail address for the CIO\r\nand successfully carried out a “spear-phishing” attack when the CIO clicked on an attached file containing\r\nmalware. When the CIO was away from the office with his laptop, Williams was able to get access to the\r\ncomputer—and found corporate documents in a Dropbox synchronization folder.\r\nThis by itself wasn’t Dropbox’s fault; everything on the machine—passwords, family photos—was exposed. But\r\nthe crucial next step involved using Dropbox and its synching powers to load a malware file that would then\r\nappear in folders inside the corporate network.\r\nhttps://www.technologyreview.com/2013/08/21/83143/dropbox-and-similar-services-can-sync-malware/\r\nPage 1 of 2\n\nHe wrote a malicious file called DropSmack and used it to infect a file already in the CIO’s Dropbox folder. When\r\nthe CIO next opened that file, the DropSmack tool then allowed malicious commands to be sent inside the\r\ncorporate network via files synchronized by Dropbox—including commands that allowed files to be stolen. Later,\r\nWilliams replicated the attack with several other popular cloud-storage synching services.\r\nWhile no attacks are known to have occurred this way, “I can’t imagine someone somewhere hasn’t been using it\r\nfor actual attacks,” Williams says. “It’s nearly impossible to detect with current tools, so we don’t know. Data loss\r\nprevention tools have a really hard time with Dropbox and the like. They really fail at protecting these services.”\r\nHe discussed his attacks on cloud storage services in a talk at Black Hat earlier this month.\r\nIn a further finding last week, other researchers were able to decrypt the code used by the Dropbox client—the\r\nprecursor to an attack on Dropbox itself. “I would say it was kind of an easy task—the code was protected in a\r\npretty much simple way,” said Przemysław Węgrzyn, a software engineer at Codepainters, a security firm in\r\nWroclaw, Poland, who co-wrote a paper delivered at the Usenix security conference in Washington, D.C.\r\n“Basically, if you can reverse-engineer it, you can see how it communicates, see everything about the\r\ncommunication, about what kind of security it is, and what level to attack it.”\r\nWęgrzyn himself downplayed the significance of this, however, since it was not an actual successful attack on\r\nDropbox and resulted in no data loss.\r\nSource: https://www.technologyreview.com/2013/08/21/83143/dropbox-and-similar-services-can-sync-malware/\r\nhttps://www.technologyreview.com/2013/08/21/83143/dropbox-and-similar-services-can-sync-malware/\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.technologyreview.com/2013/08/21/83143/dropbox-and-similar-services-can-sync-malware/"
	],
	"report_names": [
		"dropbox-and-similar-services-can-sync-malware"
	],
	"threat_actors": [],
	"ts_created_at": 1775439077,
	"ts_updated_at": 1775791318,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/737da4c576e7d3ef269137af55fb8c3dcb8fca2a.pdf",
		"text": "https://archive.orkl.eu/737da4c576e7d3ef269137af55fb8c3dcb8fca2a.txt",
		"img": "https://archive.orkl.eu/737da4c576e7d3ef269137af55fb8c3dcb8fca2a.jpg"
	}
}