Fileave.com is a one click hosting site which provides free file hosting for its users. When compared to other similar one click hosts, the 50MB of free disk space provided by fileave.com may sound minuscule, but the fact that there’s no “wait” restrictions or CAPTCHAs to solve before downloading a file seems to make it a favourite among malware authors to host their malicious code.
The graph above displays the number of unique URLs hosting malicious files from fileave.com which were collected by our automated systems.
Closer inspection revealed that the sudden spike from ~100 URLs in the month of July to ~550 in the month of August was due to a mass compromise using the “Black-hole” exploit kit with the final payload hosted on fileave.com. The malware author responsible for this mass compromise had registered a total of ~400 unique URLs in just 1 month in the following format:
- “http://clickme[2 Random characters].fileave.com”
Discounting these URLs, the graph still shows a worrying trend:
The number of malware authors using fileave.com to host their malicious payload is on the rise. The fact that fileave.com has none of these measures in place is bound to be exploited even more by malware authors in the days to come.