Spammers strike SkyDrive

Published: January 8th, 2008

Spammers have found a new way to dodge filters and creep into your inbox, and they’re using a Microsoft service to unwilling aid and abet.

Last August, Microsoft launched the beta of SkyDrive, a Windows Live service that allows users to upload files to be shared with others. This, by the accounts of some I’ve read, is a nifty little service. Of course, I couldn’t tell you myself, as, like many things Windows Live, its availability in Canada is trailing it use in the States by some several months.

McAfee’s Avert Labs caught thousands of spam messages overnight Monday using SkyDrive links. The linked SkyDrive file is an HTML redirect page that sends the browser to the spammer’s URL. This should not be a problem for me as, like many things Windows Live, its availability in Canada is trailing it use in the States by some several months. However, for others — particularly, I’d guess, beta users of the service who’ve established a network of people to exchange files with, and haven’t much reason to suspect SkyDrive — this will be a major frustration.

Tempting as it is, don’t blame Microsoft. The misuse is clearly in violation of SkyDrive’s terms of service, which apparently also dictate that, like many things Windows Live, its availability in Canada is trailing it use in the States by some several months. (Alright, enough already. I’ve made my point.)

Such services are bound to draw the attention of spammers, points out McAfee lead antispam researcher Chris Barton in this blog posting, a) it’s free and 2) see Point A. Also, the domains are unlikely to be blacklisted, they’ll host almost any file, and so on … check Chris’s blog for the full list of reasons.

It’s a crime (literally, with like jail time and everything) that any useful, free service that a moderately tech-savvy user can access is going to sooner rather than later become a medium for spam artists. As my mother would say, I guess we just can’t have nice things.

Dave Marcus, senior communications manager with McAfee Avert Labs, told me the abuse — it’s not an exploit or a vulnerability — isn’t new, but for the sheer volume. It’s been used on smaller scale file-sharing sites in Europe, sometimes to host malware and porn. Blogs allowing anonymous posting are also ripe. “Spammers love to use stuff like that,” he says. “If it’s free and worth abusing, they’ll find it.”

Spammers are good at cycling their tactics, Marcus says — PDF spam for a while, then MP3 spam, then back to Storm-style mailers. “They think it makes them more effective, but it really doesn’t,” Marcus says. “Of course, we don’t tell them that.” (Ooops.)

When you’re trying to offer a service that’s useful, free and accessible, can you really batten down the hatches with more than a terms of service agreement? Yes, says Marcus, with appropriate filtering and scanning. But remember, this is in beta: Expect corrective action from Microsoft fairly sharpish.



Related Download
IBM Reference Architecture for Genomics Sponsor: IBM
IBM Reference Architecture for Genomics

Register Now
Uncategorized