November 25, 2008 4:23 PM PST

Microsoft ranked fifth worst spam service ISP

by Elinor Mills

Microsoft is listed fifth in the Top 10 list of the worst spam service ISPs compiled by Spamhaus.org.

Spammers are advertising links to sites that "peddle fake pharmacy products, porn, and Nigerian 419 scams" on Microsoft's Live.com and Livefilestore.com sites because they know that the Microsoft sites won't get blocked by antispam groups, writes Brian Krebs on his Security Fix Blog at the Washington Post.

Spamhaus has been alerting Microsoft to the problem for some time, but to no avail, Richard Cox, Spamhaus' chief information officer, told Krebs. Other security companies, including McAfee and Marshal, have also been warning about increases in spam and scams on Microsoft-hosted sites.

A Microsoft spokesman responded to a request for comment with this e-mailed statement:

Spam and other abuse scenarios are not Microsoft-specific. Microsoft offers Windows Live, a suite of software and services that provides opportunities for customers to post and share their own content through Windows Live Hotmail, Windows Live Spaces, Windows Live SkyDrive, and other free services. As such, spammers have multiple avenues to target consumers with malicious activities. We take protecting our customers' security and privacy seriously and are continually working to improve their experiences while making industry-leading progress to mitigate such attacks through both oversight and technology advancements. Using Windows Live services for spam is explicitly prohibited by the terms of service, and Windows Live accounts that are found to be used by spammers are aggressively removed.

Interestingly, Verizon.com is listed at No. 9.

Microsoft's Live.com and Livefilestore.com are riddled with spam and online scams, Spamhaus.org says.

(Credit: Spamhaus.org)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.
by Mr. Dee November 25, 2008 5:07 PM PST
Windows Live Spaces is the worst hit, I wrote to the Spaces Craft Team (Windows Live Space team) about this issue. They said improvements are coming, but it's like it's falling on deaf ears. If you check my Windows Live Space, you would see hundreds of Spam comments from persons in China with crap like "Wholesale Nike Shoes, Wholesale Jordans, Wholesale handbags, Cheap Jordan shoes Jordan shoes Cheap Jordans for sale ".

Microsoft, you need to do something about this comment spam and speed up the service too, it's like molasses. The Windows Server 2008 HPC needs more RAM.
by Pishkado November 25, 2008 5:42 PM PST
Security only gets Redmond's attention when they're dragged, kicking and screaming, into doing something about it. Until that point it takes a back seat to just about anything else - whether we're talking about ISP services, operating systems or applications. It's a matter of desire and priorities, not of resources or capability. Granted, I don't think anyone will ever be able to get rid of this sort of thing completely and permanently, but Microsoft could do a much better job if they cared enough to try.
by AdeBarkah November 25, 2008 6:11 PM PST
Microsoft's problem is mostly livefilestore.com which is heavily used by spammers to hide their links. They should just shut this service down.

Google has a similar issue with their services. In fact if you count hosters of malicious software (instead of just spam) then I believe Google networks still rank #1.

A third problem is sites like TinyURL.com, again used by spammers to hide / redirect links.
by tacit November 26, 2008 10:46 AM PST
tinyurl.com and other URL redirection services generally act pretty quickly against abuse. I've sent abuse complaints to tinyurl.com five minutes after receiving a spam message and seen the link go dead in less than fifteen minutes. That's why such a tiny amount of spam uses tinyurl; they shut down abusers pretty quickly.

Livefilestore.com, on the other hand, is a mess. It's a sewer of spam redirectors, viruses, Nigerian 419 scams, and malware. What's worse, every time I've ever sent a complaint to any of Microsoft's spam or abuse reporting addresses, it always bounces back with the same error message: "Unfortunately, in order to process your request, MSN Support needs a valid MSN hosted account." I can't even figure out what that means; is it trying to say that you must be a Microsoft customer in order to provide a spam report?

I've seen viruses and malware redirectors stay active on Livefilestore.com for weeks. It's clear that dealing with abuse is simply a very low priority for Microsoft. They could stop a lot of the abuse very simply: don't permit Javascript redirectors, run virus scans on uploaded files, and respond to abuse reports in a timely manner. So far, they seem unwilling or unable to take any of those actions.

I don't think it's malice on Microsoft's part so much as ignorance. In their blinding zeal to tackle Google, they're recklessly making decisions without any thought to security. It should have occurred to someone that offering a free file and Web site storage space to anyone who wanted it would result in folks trying to use that space for viruses, spam, phishes, and scam sites; everyone who has ever offered free file and Web storage space has had to deal with that. But Microsoft seems to have been utterly blindsided, as if it simply didn't occur to them.
by linneyob March 11, 2009 8:10 PM PDT
But Google and Gmail reply to complaints quickly and seem to act on them. Microsoft sends a "bug off" e-mail message....
by gsmiller88 November 25, 2008 7:34 PM PST
Well what do you guys expect, even Windows isn't secure unless you shell out a pretty penny to McAfee or Symantec.
by catch23 November 26, 2008 7:45 AM PST
Ever heard of AVG? Or several other free alternatives?
And if you run as a non-admin (like you are supposed to), even that isn't really needed.
Peddle your FUD elsewhere.
by Penguinisto November 26, 2008 8:45 AM PST
"...even Windows"?

*snicker*

/P
by edlee19 November 25, 2008 8:25 PM PST
You have to frame the problem in a way that Microsoft will understand. You have to tell Microsoft that the spammers are competitors of Microsoft who distract potential Microsoft customers from Microsoft's own advertisements.
by linneyob March 11, 2009 8:12 PM PDT
But that assumes they actually read the messages instead of just sending an "it's not our problem" response....
by Seaspray0 November 25, 2008 9:59 PM PST
Deaf ears indeed! At this point, there may be nothing they can do other than bring it down.
by The_Decider November 26, 2008 11:14 AM PST
Nooooo!!!!!!!!!!


Don't bring it down. I make proper use of Hotmail. Use it to create an account to sign up on websites. That way the spam gets redirected back to where it originated from.

It is an easy way to keep spam out of your email (I get ~5 or less spam messages a week) and it is a poetic solution.
by JCPayne November 26, 2008 3:53 AM PST
So that's where all the wholesale deals are going? :-p
by Penguinisto November 26, 2008 6:33 AM PST
Not surprised to see Verizon in the pile - they weren't fully RFC compliant w/ their mail last I dealt with them (2006), and getting hold of their mail admins (not tech support, but the sysadmins) is a trial, to say the least...

MSFT? Their mail service has been a running joke in the SMTP community ever since they bought Hotmail. To their credit, they did try raising the barrier to getting an account (to at least slow down the robo-signups), but yeah - they're a spam-pit... just block all inbound traffic from hotmail and be done with it.

/P
by clsgis November 26, 2008 5:17 PM PST
Blocking inbound from Hotmail doesn't stop spammers from using Hotmail mailboxes. The throwaway send accounts aren't the problem, it's the reliable mailboxes for collecting responses from the soon-to-be victims.
by Penguinisto November 29, 2008 1:00 PM PST
Agreed - but those I don't have to care so much about - getting hammered by hotmail servers clogging up the inbound queue OTOH...

/P
by AppleSuxLeo November 26, 2008 6:42 AM PST
And Spamhaus is spam itself. You are calling the kettle black. Sounds like a slow filler-news day.
by The_Decider November 26, 2008 11:12 AM PST
LOL

I hope you didn't get paid to write it.
by venomfang81 November 26, 2008 11:30 AM PST
Spamhaus is spam... that's a new one... do you even have a clue what you are talking about... Spamhaus has been tracking spam as well as trying to help Network Admins to remove\filter spam for years.

You might want to know what you are talking about before you post comments.
by Penguinisto November 29, 2008 1:04 PM PST
The MSFT fanboy choir is kinda notorious for not knowing what they're talking about... happens that way.

Maybe you can have fun with him and ask what an RBL is or how one works... :)
by Sumatra-Bosch November 26, 2008 11:29 AM PST
Send out Ballmer with a truck full of chairs. He'll take care of those spammers.
by clsgis November 26, 2008 5:13 PM PST
Spammers love live.com and hotmail.com mailboxes (and Yahoo.com) because MSFT is *SLOW* to terminate them. Spammers hate Outblaze (mail.com etc) because Outblaze terminates them *FAST*. (Google started out as good as Outblaze but recently they're almost as bad as Yahoo.) Microsoft could terminate spammer mailboxes really fast if they wanted. It's a business decision for them to provide free service to the criminal gangs of Africa and Eastern Europe.
by linneyob March 11, 2009 8:05 PM PDT
When I report a scam e-mail with a "reply to" address at live.com or hotmail.com, I always get a canned reply saying they can't help because it's not a Microsoft hosted account. No wonder they have so many spam problems.

If I send a complaint to Verizon, I get a quick response telling me they'll follow up on the problem.

At least Verizon seems to be making an effort. If I were a spammer or a scammer, I'd certainly register for a lot of Microsoft addresses. I could probably do a lot of damage before Microsoft could be bothered to respond....