Spammers Hijack Microsoft’s SkyDrive Service


Microsoft’s Windows Live SkyDrive (formally Windows Live Folders) launched their public beta late last year. It is an online storage service for sharing files and links… and NOW it’s also an online repository for spammers to host links to their electronic junk-mail/spam.
The service lets you save information online for personal use; share information with select people based on their Live ID, with either read or contributor permissions; and makes content available to anyone via web-links. The Live SkyDrive interface is simple and intuitive, and the service currently enforces a 1GB limit.
As of late spammers have been abusing this service by taking advantage of a loophole (of such) within the Sky Drive system itself. So how do they do it?
Spammers simply create a free SkyDrive account and upload a simple html file that redirects the unsuspecting viewer to a respiratory of pills and meds for sale (how cliché).
The html file is relatively simple, consisting of some basic JavaScript:
<html><body><script language=JavaScript>window.location.replace(
"http://top10epharms.com“)</script></body></html>
So what makes services like these worth abusing and attractive to spammers?
- Unique urls
- Domains relatively safe from blacklisting
- Link longevity
- abuse handling issues
- Features – host *almost anything*
- Great Price
- Someone else pays the hosting costs
Usually spammers use compromised servers in foreign countries or bonnets to send out their spam, however utilizing file sharing sites (such as SkyDrive) is not the newest trick in the book, this one just got hit…hard & suddenly.
Another interesting point is the number of times we trapped each URL was interestingly low for such a big campaign, I’d therefore estimate they had tens of thousands of files uploaded- McAfee Weblog.
Microsoft have come to the party however and are beginning to shut down these malicious SkyDrive accounts (some 24 hours after they had started), instead replacing the old malicious files with Sky Drive Welcome Notes as seen here.
Yet another instance of “If its free and worth abusing, discovery time is the variable these days”
Posted in Security, Windows Live | 2 Comments »
January 12th, 2008 at 5:09 am
Wow that sucks, I love the Skydrive service and would hate to see Spammers ruin it for the regular user.
January 27th, 2008 at 5:36 pm
[…] 从MSBlog读到的这则消æ¯ç€å®žæœ‰äº›æƒŠè®¶ï¼šæœ¨é©¬è€…/钓鱼者/滥用者æ£åœ¨åˆ©ç”¨SkyDrive看似简å•å´ä¼˜è´¨çš„å˜å‚¨æœåŠ¡ç§é©¬/é’“é±¼/滥用。一般的方法是,注册一个SkyDrive叿ˆ·ï¼Œä¸Šä¼ è¿˜æœ‰æ¶æ„代ç çš„HTML文件,并将外链地å€ï¼ˆHot Link)å‘布。尽管微软在å垃圾方é¢ä¸€ç›´å¾ˆå¥‹åŠ›ï¼Œä½†å¯¹äºŽè¿™ç§è¡Œä¸ºä»Žç”¨æˆ·å‘现到举报å†åˆ°å¾®è½¯å¤„ç†æ»¥ç”¨å¸æˆ·å¾—花上1,2天甚至更长的时间。这些Spammer看ä¸SkyDriveçš„åŽŸå› æ˜¯è¯¸å¤šæ–¹é¢çš„: […]