
Spammers Hijack Microsoft’s SkyDrive Service

January 11th, 2008 by Patrick S

Microsoft’s Windows Live SkyDrive (formerly Windows Live Folders) launched its public beta late last year. It is an online storage service for sharing files and links… and NOW it’s also an online repository for spammers to host links to their electronic junk-mail/spam.

The service lets you save information online for personal use; share information with select people based on their Live ID, with either read or contributor permissions; and makes content available to anyone via web-links. The Live SkyDrive interface is simple and intuitive, and the service currently enforces a 1GB limit.

Lately, spammers have been abusing this service by taking advantage of a loophole (of sorts) within the SkyDrive system itself. So how do they do it?

Spammers simply create a free SkyDrive account and upload a simple HTML file that redirects the unsuspecting viewer to a repository of pills and meds for sale (how cliché).
The HTML file is relatively simple, consisting of some basic JavaScript:

<html><body><script language=JavaScript>window.location.replace("http://top10epharms.com")</script></body></html>

So what makes services like these worth abusing and attractive to spammers?

  • Unique URLs
  • Domains relatively safe from blacklisting
  • Link longevity
  • Abuse handling issues
  • Features – host *almost anything*
  • Great Price
  • Someone else pays the hosting costs

Usually spammers use compromised servers in foreign countries or botnets to send out their spam. Utilizing file-sharing sites (such as SkyDrive) is not the newest trick in the book; this one just got hit… hard and suddenly.

“Another interesting point is the number of times we trapped each URL was interestingly low for such a big campaign, I’d therefore estimate they had tens of thousands of files uploaded.” - McAfee Weblog

Microsoft have come to the party, however, and are beginning to shut down these malicious SkyDrive accounts (some 24 hours after they had started), replacing the old malicious files with SkyDrive Welcome Notes as seen here.
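
The redirect-only upload shown earlier is simple enough to recognise when a file is uploaded. The following is an added example (not code from the original post or from Microsoft) of a hosting-side check that flags an HTML file whose only job is a JavaScript or meta-refresh jump to another domain. The function names, the 40-character threshold and the files.example / pills.example domains are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# JS navigations: location.replace("..."), location.assign("..."), location[.href] = "..."
JS_REDIRECT = re.compile(
    r"""location (?:\.href)? \s*
        (?: \.(?:replace|assign) \s* \( | = ) \s*
        ["'] (https?://[^"'\s]+)""",
    re.IGNORECASE | re.VERBOSE,
)
META_URL = re.compile(r"""url\s*=\s*['"]?([^'";\s]+)""", re.IGNORECASE)

class _Page(HTMLParser):
    """Collects script bodies, meta-refresh targets and visible text."""
    def __init__(self):
        super().__init__()
        self.in_script, self.scripts, self.targets, self.text = False, [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self.in_script = True
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.targets += META_URL.findall(a.get("content") or "")

    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"

    def handle_data(self, data):
        (self.scripts if self.in_script else self.text).append(data)

def find_redirect_stub(html, host_domain, max_visible_chars=40):
    """Return the off-site target if the upload is a redirect-only page, else None."""
    page = _Page()
    page.feed(html)
    page.close()
    if len("".join("".join(page.text).split())) > max_visible_chars:
        return None  # page carries real content, not just a redirect
    for url in page.targets + JS_REDIRECT.findall("\n".join(page.scripts)):
        host = (urlparse(url).hostname or "").lower()
        if host and host != host_domain and not host.endswith("." + host_domain):
            return url
    return None

# Constructed samples; files.example stands in for the hosting service's domain.
JS_STUB = '<html><body><script language=JavaScript>window.location.replace("http://pills.example/")</script></body></html>'
META_STUB = '<meta http-equiv="refresh" content="0; url=http://pills.example/buy">'
BENIGN = '<h1>Trip photos</h1><p>Pictures from our holiday, click to enlarge.</p><script>location.href="http://files.example/album"</script>'
```

Treat a hit as a signal for abuse review rather than proof, since a legitimate page occasionally consists of nothing but a redirect.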

Yet another instance of “If it’s free and worth abusing, discovery time is the variable these days.”



This entry was posted on Friday, January 11th, 2008 at 6:36 am and is filed under Security, Windows Live.


2 Responses

  1. Jimmy Says:

    Wow that sucks, I love the Skydrive service and would hate to see Spammers ruin it for the regular user.

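  2. Chark Talks » Spammers Take a Liking to SkyDrive Says:

    […] I was honestly a little surprised by this news, which I read on MSBlog: trojan spreaders/phishers/abusers are using SkyDrive's seemingly simple yet high-quality storage service to plant trojans, phish and abuse it. The usual method is to register a SkyDrive account, upload an HTML file containing malicious code, and publish the external link (hot link). Although Microsoft has always worked hard on anti-spam, with this kind of behaviour it takes 1 or 2 days or even longer to get from users discovering it, to reporting it, to Microsoft dealing with the abusive account. There are many reasons these spammers have taken a liking to SkyDrive: […]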