Spammers infiltrate Windows Live SkyDrive beta

Spammers are using Microsoft’s beta file-sharing service to redirect unsuspecting users to their Web pages, according to McAfee’s Avert Labs.

Dave Marcus, senior communications manager with McAfee Avert Labs, says the research lab captured “thousands” of spam files overnight on Monday that use Windows Live SkyDrive.

Last August, Microsoft launched the beta of SkyDrive, a Windows Live service that allows users to upload files to be shared with others. The service is not yet available in Canada.

The linked SkyDrive files are simple HTML redirect pages that send the browser to the spammer’s URL.

In a blog posting, McAfee lead antispam researcher Chris Barton says such abuses began appearing in November, but the overnight flurry was on a much larger scale.

Marcus says this type abuse — it’s not an exploit or a vulnerability, he insists — isn’t new. It’s been used on smaller scale file-sharing sites in Europe, sometimes to host malware and pornography. Blogs allowing anonymous posting are also ripe for abuse, he says.

“Spammers love to use stuff like that,” he says. “If it’s free and worth abusing, they’ll find it.”

Read more …

Dave Webb blogs about Skydrive spam on Security Insider.

Spammers are good at cycling their tactics, Marcus says — PDF spam for a while, then MP3 spam, then back to Storm-style mailers. “They think it makes them more effective, but it really doesn’t,” Marcus says.

Microsoft Canada couldn’t make a spokeperson available for an interview by press time, but provided an e-mailed statement from Bruce Cowper, program manager of Microsoft Canada’s security initiative.

“Microsoft is investigating new public claims of spam abuse taking place on Windows Live SkyDrive beta,” according to the statement. “Using Windows Live SkyDrive beta for spam is explicitly prohibited by the terms of service. We’re currently unaware of any customer impact. Should we determine that the service is being used improperly, we will take the appropriate steps to maintain the integrity of Windows Live SkyDrive beta.”

In the meantime, Microsoft suggests surfers visit its Microsoft Security at Home page for tips on a safer online experience.

Marcus agrees education is an important course of action, but said he expects Microsoft will batten SkyDrives hatches with screening and filtering functionality as well.