As you can see, the budding phish hunter needs to be careful – while using genuine login credentials and having all your information stolen to verify a phish is a new one on me, many phish directories can host malware, drivebys, extremely dubious pornography and more besides.
Here’s a file being hosted on Dropbox(dot)com that popped up on the Phishtank list today and (instead of being a phish, as you might expect) is a live infection called “Cheque487002.com”
A file ending in .com is highly unlikely to be your friend. In this case, we have an 18/42 detection rate for a data theft Trojan we detect as BehavesLike.Win32.Malware.rwx (mx-v).
As a sidenote, I’ve noticed a lot of scammers taking advantage of Dropbox(dot)com lately – everything from fake IRS tax returns and Paypal to Runescape logins and, er, Barbara Streisand albums.
Suddenly that malware looks a lot more appealing…
Christopher Boyd