Microsoft has risen to the top 5 of Spamhaus’s worst networks list; even though Microsoft has been notified of some issues months ago, several spam gangs are still using Microsoft’s servers to host spamvertised websites and to redirect unsuspecting users to malicious URL’s. 

ms-no5-spam

Richard Cox, CIO of Spamhaus, explains the listing:

We have been notifying Microsoft about this for some months now at a high level that the abuse at livefilestore.com we believe now exceeds any genuine use of that service that may exist.

[…]

It should not be difficult for a company with Microsoft’s resources to identify and mitigate that abuse in-house without any external input, but so far this has not happened. Microsoft’s live.com system has for some time been supporting an illegal drug sales operation, and Microsoft has known this.

The livefilestore.com service allows users to upload their own files and publish them online; while this service is not unique, Microsoft has a very bad track record when it comes to removing accounts that are abusing the service. If you browse through the Spamhaus listings for microsoft.com, you’ll find some very funny comments. Here are some examples:

SBL68297: livefilestore.com is used as a re-director for the major botnet spam gangs. Illegal drugs, illegal online casinos, apparently Microsoft supports all that. Microsoft have still not stopped the abuse although this sort of abuse is in reality very easy to stop.

SBL68342: The management of Microsoft.com should be ashamed that such activity is still allowed on their network, long after their staff had been made aware of it. In England, this sort of case is referred to by lawyers as an “Attractive Nuisance” and is now a Criminal Offence under the UK’s Proceeds of Crime Act.

Avert Labs has been warning about this since january. The provide a list of features that make this service so attractive to spammers:

  • Unique urls
  • Domains relatively safe from blacklisting
  • Link longevity
  • abuse handling issues
  • Features – host *almost anything*
  • Great Price
  • Someone else pays the hosting costs

I find it amazing that in this day and age, there are still some major spam operations that are supported by reputable US companies. Fortunately this kind of public shaming seems to have its effects: see the McColo and Atrivo/InterCage cases for some good examples.