Spammers have found another great place to hide spam URLs in plain sight – on Microsoft's Live SkyDrive file sharing service.
According to McAfee, the beta service, previously known as Windows Live Folders, is hosting html files used by an active spam campaign to link people to a generic website pushing pharmaceutical products.
The main attraction of SkyDrive is simply that it is a trusted Microsoft domain, and is therefore unlikely to be filtered by reputation-based services, as might many other spam-sending domains. But the spammers might also have been impressed with Microsoft's offer of 1Gb of file space, no questions asked, and with no monthly costs of any kinds.
The company predicts that the link will morph into any one of a number of redirect scams in the near future if left alone.
"We've seen a few small scale spam using SkyDrive service dating back to November last year but on an much smaller scale to last night's campaign," says McAfee blogger Chris Barton, in his expose on the spam hijack.
"I'm sure it won't be too long before it's used to host other unwelcome content types. I'd like to see more of these online file storage offerings malware scanning downloads too," he concludes, gloomily.
Microsoft only launched the service last August, since which time it has found a number of rivals, including Google. Only this week, Gartner predicted that the market for such services was set for rapid growth.
The point of such services is not backup as such – SkyDrive has no backup tools to speak of – but the contemporary craze for linking and sharing files from a convenient point of high availability, a sort of low-end FTP without the complication.