We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,078 News Articles

Dropbox's URL shortener abused by spammers

Symantec finds the popular file-sharing application is now being abused by spammers

Spammers are abusing a Dropbox feature that lets users share a shortened link, directing people to websites selling questionable pharmaceuticals, according to security vendor Symantec.

Dropbox, the file-sharing and synchronization service, has a public folder that is dedicated to sharing content. Dropbox's URL (uniform resource locator) shortening service can be used to create links to content in that public folder.

Spammers have seized on this and are creating shortened links to images stored in the public folder. The images contain a link to online pharmaceutical retailers, wrote Nick Johnston, a senior software engineer at Symantec.

"We saw over 1,200 unique Dropbox URLs being used in spam over a 48-hour period," Johnston wrote. "We have informed Dropbox, providing them with the full list of URLs."

Spammers have often abused URL shortening services. The services are advantageous to spammers since people can't immediately tell where the shortened link will take them.

Twitter introduced its own shortening service, but as a security measure resolves the link to see if it has been reported as malicious. Twitter's URL shortener will also display the target link if users hover the mouse pointer over the shortened link to give users a better idea of where they are going.

But spammers are a creative bunch, and lately they've also been using open-source software to create their own shortening services.

Symantec has noticed at least one other way Dropbox has been abused. A Brazilian malware campaign with spam messages in Portuguese included links to image files hosted on Dropbox, Johnston wrote. The files weren't images, though, but malicious software.

Dropbox couldn't immediately be reached for comment.

Send news tips and comments to jeremy_kirk@idg.com


IDG UK Sites

Swatch to release its own line of smartwatches to rival iWatch

IDG UK Sites

From the iPhone 6 to the iWatch and a new Apple TV we look at the products Apple is set to launch...

IDG UK Sites

Miranda July's Somebody app offers a very unusual take on messaging

IDG UK Sites

The 7 most ridiculous iPhone 6 rumours: what Apple WON'T reveal on 9 September