Modernizing Authentication — What It Takes to Transform Secure Access
Microsoft's Windows Live SkyDrive, an online storage service for sharing files and links it launched in beta this past August, became a repository for spammers to host links to their electronic junk mail.
McAfee's Avert Labs was first to point it out in an alert. Within a day, Microsoft gave the e-pests the e-boot, but not before the spammers uploaded "tens of thousands" of files to the service, according to Avert.
"Services like Windows Live Skydrive are attractive to spammers for a number of reasons," said Chris Barton, lead antispam researcher at McAfee Avert Labs, in a mass e-mailing to journalists. "These services are free, provide unique, long-lasting Web links, host almost any kind of file and are relatively safe from blacklisting."https://o1.qnsr.com/log/p.gif?;n=203;c=204634421;s=15939;x=7936;f=201702151714490;u=j;z=TIMESTAMP;a=20304455;e=iIn a statement, Microsoft said it is investigating the claims. "Should we determine that the service is being used improperly, we will take the appropriate steps to maintain the integrity of Windows Live SkyDrive beta," the company said. Avert said the spammers were shut off after 24 hours of peddling an online pharmacy.
Normally spammers use compromised servers in foreign countries or botnet-infected (define) computers, but the use of reputable sites is growing. Dave Marcus, a security research manager at Avert Labs, said it was likely a case of security being overlooked in the development process.
"In the past, online storage has been abused many times and going forward it will continue to be abused," he told InternetNews.com. "This was a beta solution for a limited group of people and they didn't deploy it in a secure enough fashion. It just goes to show you if you are going to put it online, you gotta secure stuff as it's going up, you gotta filter it as it's going in and you gotta scan the data as it's going out."