MSN hosting '10 percent of spammers' sites'

Microsoft's blogging service is rapidly becoming spammers' favourite place to host their wares, though it's still some way before it catches up to Yahoo's Geocities.

Microsoft's blogging service is rapidly becoming spammers' favourite place to host their wares, though it some way to catch up to Yahoo's Geocities.

Spammers have started using Microsoft's MSN Spaces blogging service to host malicious content used during spam and virus onslaughts, Internet security firm SurfControl said.

MSN Spaces, which was launched at the end of last year, is a free content sharing and hosting service. Users are required to sign up for a Microsoft passport, after which they can publish a blog and share files.

However, a relatively simple registration system means that spammers are exploiting the service by creating accounts used to deliver often illegal messages and malicious files to unsuspecting users, said Charles Heunemann, managing director of security firm SurfControl.

According to Heunemann, Yahoo's Web hosting service Geocities has been targeted by spammers for some time but MSN's validation system is making the service very popular.

SurfControl claims that 10 percent of all spam on the Internet is now linked to Microsoft's blog network.

"About three weeks ago 30 percent of the spam on the Internet was directing victims to Geocities sites advertising pharmaceuticals. Spammers have moved their content to [MSN Spaces] and from what we gather, the volume of spam attacking MSN sites is about 10 percent--but we think it will grow," said Heunemann.

However, Tim Hartman, senior systems engineer at Symantec, said that even if Microsoft improved the validation system, spammers would soon find a way around it.

"This isn't Microsoft's fault. Any introduction of new technology is at risk of being exploited or used for inappropriate purposes. Microsoft is not the only target. This is simply a method of keeping the content of the spam email to an absolute minimum--giving anti-spam companies very little to go on," said Hartman.

Hartman said the problem is a prime example of why simple blacklists are no longer effective: "Mail administrators should be aware that simple blacklists are no longer an appropriate countermeasure against spam-- companies need to dig deep into the content of the email's body to make a call on whether something is spam or not."

Last month, Internet security firm Websense reported an "alarming" increase in the use of free Web space services for distributing malware. Dan Hubbard, Websense senior director of security and technology research, said that more malware was found on free hosting services during the first two weeks of July than in May and June combined.

Adam Biviano, senior systems engineer at Trend Micro Australia and New Zealand, said that although free Web hosting is becoming a popular tool for spammers and virus writers, it is still second choice to a zombie network--a loosely-coupled network of computers compromised by a virus or Trojan and covertly controlled by a third party.

"Botnets are always going to be a more lucrative avenue for (spammers and virus authors)--you are not going to get that mass control you get with a botnet," said Biviano, who argued that improved design could help reduce the exploitation of such services.

"There are definitely safety controls that can be put into place if you design the system accordingly," said Biviano.