Windows Live and SkyDrive: safe havens for spam?

A post today on Brian Krebs’s Washington Post blog, Security Fix, pointing to the Spamhaus.org Top 10 list, reports that Windows Live, through its live.com and livefilestore.com domains, has vaulted to #5 among the “most spam friendly” Internet Service Providers. Spamhaus, which since 1998 has maintained block lists of known spammers that are used worldwide, had Microsoft at the #9 spot (#1 being the worst) earlier this month, but in the last few days Microsoft has risen rapidly. One difficulty is that blocking a popular site such as microsoft.com causes problems of its own, according to the blog post:

Richard Cox, Spamhaus’s chief information officer, said spammers advertise the links at Microsoft’s properties by the tens of thousands at a time, because they know anti-spam groups are unlikely to block Microsoft properties outright.

Spammers are using SkyDrive accounts to hold snippets of JavaScript code that, when run, redirect anyone led to them by an email link to various scammer websites, including gaming and online pharmacy sites.

Others have reported on problems with spam hosted on SkyDrive accounts recently as well, according to Krebs. In January, McAfee wrote about it in a blog post of their own, and last month UK security firm Marshal posted as well.

Microsoft has been slow to react to the issue, according to Cox. 

"It should not be difficult for a company with Microsoft’s resources to identify and mitigate that abuse in-house without any external input, but so far this has not happened," Cox said. "Microsoft’s live.com system has for some time been supporting an illegal drug sales operation, and Microsoft has known this."

When contacted by Security Fix, Microsoft declined to offer anyone up for an interview, although it issued a statement through John Scarrow, general manager of safety services at Microsoft.  Scarrow said, in part:

"We take protecting our customers’ security and privacy seriously and are continually working to improve their experiences while making industry leading progress to mitigate such attacks through both oversight and technology advancements. Using Windows Live services for spam is explicitly prohibited by the terms of service, and Windows Live accounts that are found to be used by spammers are aggressively removed."

It isn’t clear to Spamhaus, or to Brian Krebs, that Microsoft is acting as aggressively as it says. Some live.com properties listed on Spamhaus.org over a month ago are still active.