Economical and effective, free online services are especially appealing to budget conscious small and midsize businesses (SMBs) but they are also attracting the attention of spammers.
An attempt this week to breach the e-mail filters of Microsoft’s free online storage service is a case in point according to David Marcus, security researcher and communications manager for security software maker McAfee Inc.
Windows Live SkiDrive, a free online storage site has been very popular with many businesses since its launch for beta testing last August. The service allows users to upload 1 GB of data and share them with anyone via Web links.
Spammers, however, abused the site by uploading tens of thousands of HTML files that redirect SkyDrive users to an online pharmaceutical store, according to McAfee Avert Labs, the security firm’s risk research arm.
Microsoft, which is investigating reports, explicitly prohibits the use of spam in SkyDrive, said Bruce Cowper, program manager, security initiative, Microsoft Canada.
“We’re unaware of any customer impact. Should we determine that the service is being improperly used, we will take the appropriate steps to maintain the integrity of Windows Live SkyDrive beta,” he said.
He said service users can checkout the Microsoft security site for tips on secure online activity.
The SkyDrive spam incident, however, is far from unique. Spammers just love using free online services, Marcus said.
“The lesson learned here is: if it’s free, it’s worth abusing”.
Spammers are drawn to no charge online services for the following reasons: they provide a ready source of unique URLs, host almost any kind of file, are relatively safe from blacklisting, have long lasting Web links and someone else pays for the hosting cost.
The data storage market is set to explode in the near future as SMBs increasingly rely on data and face more regulatory requirements to collect and store information, according to analyst firm IDC.
IDC estimates that revenues in this emerging market will reach US$715 million by 2011.
Individuals and small businesses are now more interested in alternative data protection and backup methods as they find traditional systems inadequate or too expensive said Dough Chandler, research director for storage services at analyst firm IDC.
“Online backup has become more attractive with the advent of cheaper broadband access, greater user comfort level with Web-based services and the growing need for a second remote data storage site,” he said.
The burgeoning storage demand is accompanied by SMBs’ lack of skills in securing data from attacks, said Marcus.
Increasingly, security functions ranging from firewall maintenance and anti-denial of service to spam and malware filtering will be outsourced to specialists.
“Service providers therefore must be vigilant in protecting clients from spam and malicious attacks,” Marcus said.
In the case of online storage sites where data can be freely shared, service providers must scan and filter everything that enters or leaves the system, according to Marcus.
Service users, on the other hand, must develop appropriate security policies regarding the upload and download of data.
Here are a few tips on how to prevent spammers from getting hold of your e-mail address:
- Don’t be an easy target. Do not post your e-mail address in un-obfuscated form on the Internet
- To check if your address is a spammer target, type into a Web search engine like Google. If your address is posted in any site or Web group, remove it to reduce risk
- Many ISP or online service providers provide free spam filters. Use it
- When replying to newsgroup postings, do not include your e-mail address
- Never respond to spam. Even when you are responding to request being removed from the mailing list, this alerts spammers that your address is active