Blog posts on Symantec and ThreatPost have point the fact that Dropbox is used by bad guys to spread spam and phishing campaigns and also malwares. All theses malwares, files used in phishing and spamming campaigns coming from the “Public Folder” of malicious Dropbox accounts. Any file put in this folder gets its own Internet link so that he can be shared with others. Examples of malwares spread by Dropbox :
http://dl.dropbox.com/u/58336523/x/login.php, PHP/IRCBOT used in remote file inclusion campaigns.
http://dl.dropbox.com/u/63038576/Script.exe, WORM/Ainslot.A.1946 used in infection campaigns.
The problem is that Dropbox is not spreading malwares since few days. If you take a look at Clean MX database, Dropbox is present since 2010-04-19, with an explosion of malwares in 2011. The fact that Dropbox spread malwares is real and it is the case since long time. Dropbox is also present in Malc0de database since 2012-02-26.
Compared to other malware spreaders, Dropbox has a privileged status. For example, in November 2011, FileAve.com a free file hosting provider notorious for spreading thousands of malwares were shutdown after years of activities. FileAve.com have provide 50 MB free storage and a free sub domain for each created account (ex : http://yourname.fileave.com). FileAve.com was present in Clean MX database since the 2007-11-30, in Malc0de database since the 2010-01-11 and in our database since the 2009-02-16. The shutdown of FileAve.com was a good news for every one.
We can ask us a legitimate question, should Dropbox be shutdown, same as for FileAve.com ? Aren’t they both malware spreaders ?