Microsoft Azure is phishing-friendly

Free hosting, a free SSL certificate, free subdomains and a free anonymizing proxy make Azure a powerful platform for phishing.

Internet research and intelligence firm Netcraft is reporting that Microsoft Azure is becoming popular as a hosting site for phishing attacks.

Netcraft listed several of what it calls "the most egregious examples targeting well-known institutions":

  • itune-billing2update-ssl-apple.azurewebsites.net (Apple)
  • paypalscurity.azurewebsites.net (PayPal)
  • www22online-americanexpress.azurewebsites.net (American Express)
  • 3seb-verifiedbyvisa.azurewebsites.net (Visa)
  • login-comcastforceauthn.azurewebsites.net (Comcast)
  • cielo-2014.cloudapp.net (Cielo)

To attract web developers, Microsoft has made many powerful facilities free for an evaluation period that is far longer than the lifetime of the average phishing site.

In addition to 30 free days of hosting and a $200 credit on Azure charges, developers can get free subdomains under Microsoft's azurewebsites.net (a domain unlikely to be blocked), a free SSL certificate, free email addresses and a free anonymizing proxy.
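Because the parent domain cannot simply be blocked, detection has to look at the customer-chosen label in front of it. The following is an added example, not code from Netcraft or the original article: a triage filter for proxy or DNS logs that flags shared-hosting names mentioning a watched brand. The keyword watchlist, lure words and function names are assumptions made for the example.

```python
import re

# Shared-hosting parents named in the article; too widely used to block outright.
SHARED_SUFFIXES = ("azurewebsites.net", "cloudapp.net")
# Assumption: watchlist and lure words chosen for this example, not Netcraft's.
BRAND_KEYWORDS = {
    "Apple": ("apple", "itune"),
    "PayPal": ("paypal",),
    "American Express": ("americanexpress", "amex"),
    "Visa": ("visa",),
    "Comcast": ("comcast",),
    "Cielo": ("cielo",),
}
LURE_WORDS = ("auth", "billing", "login", "online", "ssl", "update", "verified")
# First two names are from the article; the last two are constructed benign cases.
SAMPLE_HOSTS = [
    "paypalscurity.azurewebsites.net", "cielo-2014.cloudapp.net",
    "contoso-intranet.azurewebsites.net", "www.paypal.com",
]


def tenant_label(hostname):
    """Return the customer-chosen part of a shared-hosting name, else None."""
    host = hostname.strip().lower().rstrip(".")
    for suffix in SHARED_SUFFIXES:
        if host.endswith("." + suffix):
            return host[: -len(suffix) - 1]
    return None


def classify(hostname):
    """Return (brands, lures) seen in the tenant label, or None if not shared hosting."""
    label = tenant_label(hostname)
    if label is None:
        return None
    # Drop separators and digits so "www22online-americanexpress" still matches.
    squashed = re.sub(r"[^a-z]", "", label)
    brands = [b for b, kws in BRAND_KEYWORDS.items() if any(k in squashed for k in kws)]
    lures = [w for w in LURE_WORDS if w in squashed]
    return brands, lures


def flag(hostnames):
    """Return [(hostname, brands, lures)] for names that mention a watched brand."""
    return [(h, *r) for h in hostnames if (r := classify(h)) and r[0]]


if __name__ == "__main__":
    print(*flag(SAMPLE_HOSTS), sep="\n")
```

Substring matching catches concatenated names such as "paypalscurity" but will also hit unrelated words that happen to contain a short keyword, so treat the output as a review queue rather than a block list.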

An Apple phishing site on itune-billing2update-ssl-apple.azurewebsites.net, image courtesy Netcraft Site Report

One particular problem with this arrangement identified by Netcraft is that the free SSL certificates provided by Microsoft do not come with an OCSP responder, and so are irrevocable in many client programs, Mozilla programs in particular.

In all likelihood, phishers aren't using any of the more sophisticated features of Azure, but if they wanted to, they could have access to SQL Server databases, mobile push, media streaming and Hadoop for big data analysis.

Netcraft notes that Microsoft has some weapons that could be used to track down these attackers, particularly the fact that a phone call must be made in the registration process.
