Microsoft’s Windows Live SkyDrive (formally Windows Live Folders) launched their public beta late last year. It is an online storage service for sharing files and links… and NOW it’s also an online repository for spammers to host links to their electronic junk-mail/spam.

The service lets you save information online for personal use; share information with select people based on their Live ID, with either read or contributor permissions; and makes content available to anyone via web-links. The Live SkyDrive interface is simple and intuitive, and the service currently enforces a 1GB limit.

As of late spammers have been abusing this service by taking advantage of a loophole (of such) within the Sky Drive system itself. So how do they do it?

Spammers simply create a free SkyDrive account and upload a simple html file that redirects the unsuspecting viewer to a respiratory of pills and meds for sale (how cliché).
The html file is relatively simple, consisting of some basic JavaScript:

<html><body><script language=JavaScript>window.location.replace(
"http://top10epharms.com“)</script></body></html>

So what makes services like these worth abusing and attractive to spammers?

• Unique urls
• Domains relatively safe from blacklisting
• Link longevity
• abuse handling issues
• Features – host *almost anything*
• Great Price
• Someone else pays the hosting costs

Usually spammers use compromised servers in foreign countries or bonnets to send out their spam, however utilizing file sharing sites (such as SkyDrive) is not the newest trick in the book, this one just got hit…hard & suddenly.

Another interesting point is the number of times we trapped each URL was interestingly low for such a big campaign, I’d therefore estimate they had tens of thousands of files uploaded- McAfee Weblog.

Microsoft have come to the party however and are beginning to shut down these malicious SkyDrive accounts (some 24 hours after they had started), instead replacing the old malicious files with Sky Drive Welcome Notes as seen here.

Yet another instance of “If its free and worth abusing, discovery time is the variable these days”