Spaces.live.com

From Spamwiki
Jump to: navigation, search

Introduction

Vertu Replica Luxury Phones - Click to expand
Canadian Pharmacy - Click to expand
Canadian Pharmacy - Click to expand
Software piracy - Click to expand
EuroSoft - Click to expand
Software piracy - Click to expand
Russian brides - Click to expand
Russian Dating - Click to expand
Russian brides - Click to expand
Russian brides scam - Click to expand
Russian brides scam - Click to expand
Pharmacy Express - Click to expand
Acai Elite - Click to expand
Russian pharmacy - Click to expand
Online Pharmacy - Click to expand
Gambling Casino - Click to expand
Discount Pharmacy - Click to expand
Canadian Health&Care Mall - Click to expand
Extended car warranty (removed) - Click to expand
Swiss Replica Co - Click to expand
Nature Meds - Click to expand
Swiss Apotheke - Click to expand
German Apotheke - Click to expand
Gambling Casino - Click to expand
Russian family tree scam - Click to expand
Counterfeit watches - Click to expand
Counterfeit watches - Click to expand
Russian portal - Click to expand

For the past two years up to March 2010, spammers have abused the Microsoft spaces.live.com free service to set up redirections to their spammed sites. Microsoft was chosen as the abuse victim for these reasons

  1. it is free, reducing the cost of the operation to the spammers
  2. live.spaces.com is such a large provider of web sites, that few URL blacklisting services would be likely to blacklist email containing links to it, in fear of creating many false positives
  3. Microsoft's abuse reporting system is inadequate, and the company's responsiveness is woeful
  4. redirection URLs in spam would result in only the redirectors being blacklisted if at all. The redirection target sites effectively "fly under the radar" and are less visible for reporting and suspending by registrars.

Microsoft is abundantly aware of the severity of this issue. The redirection URL lends itself to ready detection and suspension via an automated tool, given that it follows a fixed format, and redirects to an easily detectable, albeit growing, range of target sites.

Recent History

On these pages Microsoft were able to find a list of 25,000 compromised sites to be removed:

They have since been removed.


Each spaces.live.com URL spammed provides a web page on Microsoft's abused service that will redirect to one of a range of spam brands. Each brand represents an illegal web site that indulges in fraud and misrepresentation. It is strongly recommended that visitors do not provide their identity and credit card details on any of these sites. They are run by criminals who use stolen credit cards to order domain names for spamming, or to sell stolen identities within their own "carding" community.

Through spaces.live.com Microsoft supports

( eg http://cid-6155a71ae09c375b.spaces.live.com/ and http://cid-c35e9141fd58892d.spaces.live.com/ redirect to http://murgadobarotes.net/ described in this wiki at EuroSoft )

Software piracy examples

Some of these redirections have subsequently been removed by Microsoft Live.pirate.jpg

Redirection from spaces.live.com Target piracy site
bellyfull073.spaces.live.com dramboveras.net
borroughs78.spaces.live.com.spaces.live.com dramboveras.net
gibe46.spaces.live.com dramboveras.net
normal2204.spaces.live.com dramboveras.net
titian455.spaces.live.com dramboveras.net
phagocyte376.spaces.live.com profekloreas.net
rutgers8457.spaces.live.com profekloreas.net
stratton12.spaces.live.com profekloreas.net
suppression683.spaces.live.com profekloreas.net
vella328.spaces.live.com profekloreas.net
belying4471.spaces.live.com dragohuneas.net
mccracken688.spaces.live.com dragohuneas.net
latera8184.spaces.live.com dragohuneas.net
gyrfalcon071.spaces.live.com kassiopenasas.net
comanche1830.spaces.live.com kassiopenasas.net
instable9270.spaces.live.com donaterrosas.net
footwork70.spaces.live.com donaterrosas.net
caruso939.spaces.live.com donaterrosas.net
wrest5546.spaces.live.com donaterrosas.net
levity680.spaces.live.com donaterrosas.net
technique2653.spaces.live.com donaterrosas.net
value6424.spaces.live.com donaterrosas.net
2annapolis257.spaces.live.com donaterrosas.net
pekypyviq.spaces.live.com cowdetionses.ru
kahuzytohi.spaces.live.com cowdetionses.ru
hatyfynuk.spaces.live.com cowdetionses.ru
jodusipipuk.spaces.live.com cowdetionses.ru
gapemulyxe.spaces.live.com cowdetionses.ru
byfucekydo.spaces.live.com cowdetionses.ru
cujubecizy.spaces.live.com cowdetionses.ru
hinizyzaw.spaces.live.com vietongeras.net
vucyxiwyhy.spaces.live.com vietongeras.net
rubidakir.spaces.live.com privatoneas.net
dyzoxynos.spaces.live.com flopertoveres.ru
ribedyryd.spaces.live.com flopertoveres.ru



On the few occasions when Microsoft has taken action following complaints, attempting to view the pages returns the message:

Sorry, Spaces is temporarily unavailable at this time.  	

If you are the owner of this Space, here's a few of the potential reasons why you may be seeing this message:

   * Operational Issues: Please check The Space Craft to verify overall Windows Live Spaces availability.
     If problems persist, you can be sure we're working on it -- please check back later and allow us
     time to resolve the issue.
   * Code of Conduct Violation: You may have posted content to your Space (often unintentionally) that
     violates our Code of Conduct. Check your Hotmail Inbox, or the inbox associated with your Windows
     Live ID, for messages from Support.

If you're still not sure why your Space is unavailable but the rest of the site seems to be working,
please contact Windows Live support for additional assistance.

How Microsoft can fix the problem

The methodology for fixing the problem is now well established. Other major providers have had to deal with this problem, and have successfully cleaned it up.

  1. The first step is to remove all existing infections.
  2. The second step is to remove the ability to create new infections.

1. Removing existing infections involves a process of examining the contents of infected pages, and collecting a set of unique signatures. These are sections of code that are unique to the infection, and that would have a low likelihood of appearing on legitimate pages. With enough such signatures, you have a high probability of being able to mark a page as either legitimate or infected. Next you start a continually running program that scans through every page, and removes the infected ones. The removal can be a complete deletion, or a request for the page owner to contact Microsoft to explain why the page should be reinstated. Either way, the general public can no longer access the original page.

Sample signatures

  • a href="http://gals.jerked.com/
  • a href="http://briefnine.com/
  • a href="http://topdieta.ru/
  • a href="http://yoursurneim.ru/
  • a href="http://blowagain.com/
  • a href="http://blowscreen.com/
  • a href="http://www.blowdream.com/
  • a href="http://yoursurneim.ru/
  • a href="http://ballspice.com/
  • a href="http://thesemap.com/
  • a href="http://www.spinskipspin2.net/
  • a href="http://www.hotrxmedspot.com/
  • a href="http://www.dealsformeds.com/
  • a href="http://promorxnow.com/
  • a href="http://dramboveras.net/
  • a href="http://profekloreas.net/
  • a href="http://united-states-russian-dating.ru/
  • a href="http://redactjuri.info/
  • a href="http://gonow99999.net/
  • a href="http://www.cropcatch.com/
  • a href="http://angerdeluxe.com/
  • a href="http://myninsanerx.com/
  • a href="http://mightypharm1.com/
  • a href="http://reliablerxsource1.com/
  • a href="http://aglowfavor.com/
  • a href="http://directrxblog.com/
  • a href="http://meekthick.com/
  • a href="http://pronoerositio.co
  • a href="http://nuevopronoero.co
  • a href="http://seedvary.com/
  • a href="http://sendspruce.com/
  • a href="http://wowkickoj.net/
  • a href="http://warrantyfox.com/
  • a href="http://dragohuneas.net/
  • a href="http://minutewe.com/
  • a href="http://aglowson.com/
  • a href="http://sexy4sex.info/
  • a href="http://oncewest.com/
  • href="http://www.sie-sollten-auch-abnehmen.com
  • a href="http://safeonce.com/
  • a href="http://sexlightarea.com/
  • href="http://www.direkt-hilfe-potenz.com
  • a href="http://domainurlsales.com/
  • a href="http://storyso.com/
  • a href="http://trademay.com/
  • a href="http://prevalidoteas.net/
  • a href="http://donaterrosas.net/
  • a href="http://kassiopenasas.net/
  • a href="http://wirecount.com/
  • a href="http://bestwatchstyle1.com/
  • a href="http://www.extrawind.com/
  • a href="http://bandegg.com/
  • a href="http://planebird.com/
  • a href="http://setadore.com/
  • a href="http://hugespicy.com/
  • a href="http://vietongeras.net/
  • a href="http://privatoneas.net/
  • a href="http://burspin.net/
  • a href="http://www.recordten.com/
  • a href="http://aliner.info/
  • a href="http://flopertoveres.ru/
  • a href="http://americanwarrantyexpress.com/
  • a href="http://rosegone.com/
  • a href="http://cowdetionses.ru/
  • a href="http://theirdoes.com/
  • a href="http://bdoghepl.com
  • a href="http://towardown.com/
  • a href="http://www.sailallow.com/
  • a href="http://www.clockride.com/
  • a href="http://radiosize.com/
  • a href="http://www.victorif.com/
  • a href="http://bestcarwarranty4u.com/quote/index/118737
  • a href="http://dofe.info/?idAff=132
  • a href="http://airfreshsite.com/
  • a href="http://nowcallhere.com/
  • a href="http://datinggood.com/
  • a href="http://toreplasmoptes.net/
  • a href="http://gerl-007.ru/index.php?action=3
  • a href="http://themrelax.com
  • a href="http://qualitymedicaloffer.com
  • a href="http://pornorate.ru/index.php?idAff=136
  • a href="http://www.methodteam.com/
  • a href="http://checklong.com//
  • a href="http://www.alfamedshop.in/
  • a href="http://west-rx-med.net/
  • a href="http://greatbestman.com/
  • a href="http://www.sixarrive.com/
  • a href="http://altzspin.net/
  • a href="http://murgadobarotes.net/
  • a href="http://sundowutortes.net/
  • a href="http://jink.ru/index.php?idAff=136
  • a href="http://www.ledbroad.com/
  • a href="http://www.feelgoodbaby.com/
  • a href="http://viagrow-sales.com/
  • a href="http://writeselect.com/
  • a href="http://thegohub.com
  • a href="http://www.rxcenterzone.com.cn/
  • a href="http://www.abc-rx724.net.cn/
  • a href="http://hopenfaras.net/
  • a href="http://www.maleviagrow.com/
  • a href="http://probastondtes.net/
  • a href="http://www.clotheto.com/
  • a href="http://www.canadapharmsite.com/
  • a href="http://sexualmeet.ru/
  • a href="http://www.gathermakey.com/
  • a href="http://pove.ru/?idAff=132
  • a href="http://men-secret2010.info/
  • a href="http://spaceburn.com/
  • a href="http://varietyofrxmeds.com/
  • a href="http://dorehatotes.net/
  • a href="http://movercanotes.net/
  • a href="http://startgo-win.net/
  • a href="http://prettynote.com/
  • href="http://thequickereasierway
  • a href="http://getprescriptionsnow.com
  • a href="http://www.truckhungry.com/
  • a href="http://www.dadyard.com/
  • a href="http://thegohub.com/
  • a href="http://zionetovates.net/
  • a href="http://thequickereasierway.com/
  • a href="http://intewreadees.com/
  • a href="http://www.aglowlook.com/
  • a href="http://bestrussiansex.ru/
  • a href="http://www.stoodguide.com/
  • a href="http://www.causekept.com/
  • a href="http://www.pharm-iwant.net/
  • a href="http://guesslight.com/
  • a href="http://bornsugar.com/
  • a href="http://fabledon.com/
  • a href="http://avrasuportas.net/
  • a href="http://russiabride2010.com/index.php?idAff=136
  • a href="http://www.royalvegas-play.net/
  • a href="http://www.topjacksbucks.net/
  • a href="http://www.tireequal.com/
  • a href="http://stars-dating.com/index.php?idAff=136
  • a href="http://lovesexdatings.com/index.php?idAff=136
  • a href="http://cheaper-pharma.cn
  • http://mdok.net/Ebulk-Img.JPG
  • a href="http://mdok.net/
  • img height="529" src="http://www.jvdomain1.org/cow1.jpg
  • img src="http://www.cornerregion.com/about.jpg
  • img src="http://nydeta.ru/vb.gif
  • a href="http://pharmsawesomeuse.comz
  • a href="http://www.rxsuperspell.com/
  • img src="http://www.falllike.com/about.jpg
  • img src="http://www.fourinfinty.eu/about.jpg
  • a href="http://healthcentersoutlet.com
  • a href="http://secure.takeacainow.com/track
  • img src="http://www.costinch.com/about.jpg
  • http://theoldhelt.com/250x250_3.gif
  • a href="http://cheap-price-codeine.com
  • a href="http://famous-rxpills.com
  • font color="#a3a3a3" size="+3">Crazy party</font
  • font style="font-size:22px;color:blue">BEST ONLINE STORE !</font></a>/nowiki> * <nowiki>font color="#ff0000" size="18">&gt;&gt;&gt;Enter To Our Drugstore </font
  • font style="font-size:22px;color:blue">You can buy your meds online!</font
  • font color="red" size="4"><b>You can buy your meds online!</b></font
  • font style="font-size:22px;color:blue">Click here to get free pills</font
  • font color="red" size="4"><b>Click here to meet hot and wet girls!</b></font
  • font style="font-size:22px;color:blue">HOT AND WET GIRLS!</font
  • <b>&gt;&gt;&gt;Click on Picture Below and Download Our Free Software for Play and Win.

2. Preventing further infections involves examining the process for creating new sites, and ensuring it is not open to easy abuse. Where CAPTCHA methods are used, they need to be able to withstand the existing CAPTCHA automation tools that are prevalent on the Internet today. In fact, CAPTCHA is rapidly becoming an ineffective method of abuse prevention. A rugged CAPTCHA used in conjunction with an email challenge/response would be better. Manual activation would also improve security. Read about how inadequate the Live captcha is.

3. Recording the incoming IP address of new accounts would lead to another part of the fingerprint for automated detection and deletion.

4. Cleaning out existing and new sites needs to be a continuous, automated process. Simply removing sites reported by volunteers after the damage is done does not meet even the basic requirements for security. Currently that's all that Microsoft is doing.

Sample spams

Creating the perfect replica Designer phones is our most involved, complex and dedicated
pursuit. Beneath the slick polished exterior of a Vertu, lies the complicated and precise
interior chipset and software. To replicate them well requires a high level of expertise,
and that’s exactly where we seek to differentiate ourselves from our competitors. We create
the highest quality range of Vertu replicas in the market, easily distinguishable by the
high level of finish as well as the firmware and software, which are identical to the originals’

http://grassy46.spaces.live.com
Subject: 	 Russian wives are the best. 
11 new ladies profiles (dating) http://sent69.spaces.live.com
Subject: 	 Meet and marry a gorgeous Russian queen.
Julia sent new message for you http://facile5371.spaces.live.com
Subject: 	 Double your size in just two weeks
Get a jump on the competition with your huge rod - blow them all away
http://nottingham9337.spaces.live.com
Subject: A year ago you came to Russia, I remember you, write me!
I'll see you I really liked - let's get acquainted! I am from Russia! 
http://goggle094.spaces.live.com

How to report this spam

You can fill in a report form to notify Microsoft of this problem, if you go to http://mobile.spaces.live.com/ and click on "Report Abuse" Provide the details to help Microsoft resolve the problem under the form heading

Please provide as much detail as possible regarding the abuse or offensive behavior
you are reporting to help us investigate the issue quickly

Refer Microsoft to the listing at http://rss.uribl.com/hosters and to the sites to remove starting at at Spaces.live.com.list.1

Further Reading