Free Web Hosting a Fount of Malware

daria42 writes "It looks as if free Web space services are increasingly being used to host spyware, with Internet security firm Websense claiming more of such dodgy material was found on free hosting services during the first two weeks of July than in May and June combined. "These fraudulent, free personal Web sites have an average lifespan of two to four days, making them difficult to trace," said an executive from the company."

How to trust ANY new web service?

[Ohmster]

It's not just fake hosting services with malware and other phishing scams. It's getting so that one gets suspicious of any kind of new service that crops up on the web. The other day, I got excited seeing this service that promised to turn my blog contents into a printed book. I tried it, but then got worried that it was a phishing scam. And cancelled my attempts to use the service. What does mean for the promise of "web services" in general? More on the "blog into book" experience here: ahref=http://mp.blogs.com/mp/2005/07/s_11.htmlrel= url2html-21790http://mp.blogs.com/mp/2005/07/s_11. html>

Re:How to trust ANY new web service?

[patio11]

That would be a NASTY phishing scam.

"Hello, we are Human Resources Solutions International. One of our clients has contracted with us to process your recent job application. You have the option of either waiting for our letter to arrive via registered mail or entering your data in our secure web server located at https://www.scamyourbuttoff.com./ Please note that your application cannot proceed until we have completed our investigation, so it is in your best interest to respond promptly. Thank you and if you have any questions about your employment process please mail Mary Jo at nevergetareply@scamyourbuttoff.com."

Fire that off to 100,000 people and I'll bet probably half of the ones actively doing job searching will go to your website without a second thought.

Convoluted to sign up?

[Anakron]

From TFA:

They make you type in a word that has been obscured as an image to stop them from being set up automatically

Does anyone know how effective these schemes really are? Is there a study that measures how effective this is?

wondering...

[eobanb]

I was wondering, how do these people typically register accounts with free web services? Our site was having a problem with comment spam, so a CAPTCHA test tends to do the trick basically all the time. On the other hand, I've also heard about defeating the test by starting a porn site and then taking the image and showing it to visitors and basically just having them type the right answer and they get to see 10 pictures or something. What we ended up doing was a word riddle, like "The quick brown fox jumped over the lazy ___s" or "3 + 5 = _" So if automated registering of these accounts is a problem, that's what I would suggest. Or you could surely just prohibit any files with a .bat or .exe or .whatever extension, and only allow .html, .gif, .jpg, .png, .wav, .txt, and a few more. I mean, if it's a free service, you get what you pay for. If you really need to host programs it shouldn't be too much trouble for you to buy something for $5/month. All in all this doesn't really seem like that outrageous of a problem.

Re:Who would have guessed???

[superpulpsicle]

The dilemma is... if they got rid of free hosting. Then only those who can afford $$ monthly hosting bills can host. It's tough to shoot for democracy when only people with money can have a voice online. Let's not tear down the tree and the whole neighborhood due to a couple bad apples.

Re:What are you gonna do?

[fireboy1919]

I think it's pretty clear that the problem is the same as spam: the opportunity cost is too low.

There are many, many things that one could do to make it reasonable. You could have them send a $1 bill, or pay a similar trifling amount through an online broker, or even require a waiting period during which content is machine-inspected for scamming.

I personally use a "free" server that pretty much keeps spam at bay by requiring a $1 bill sent through the mail in order to gain memebership.

Re:CAPTCHAs (was Re:Convoluted to sign up?)

[morcheeba]

I thought CAPTCHAs would be pretty effective, until I heard of this cool scheme to get around them:

1. Spammer X wants to sign up for 100 free email accounts at free-accounts-Y.
2. Spammer X has a small cache of porn.
3. Spammer X puts up a website to allow access to his porn & promotes it
4. To see Spammer X's porn, Joe Average must sign up at Spammer X's website.
5. Signing up involves, you-guessed-it, a CAPTCHA!
5a. Joe requests to sign up
5b. Spammer X requests an account at free-accounts-Y and gets a CAPTCHA request.
5c. Spammer X presents this same request on their website to Joe
5d. Joe solves the CAPTCHA and returns the info to Spammer X
5e. Spammer X passes that info to free-accounts-Y
6. Repeat steps 5a-5e for lots of Joes. Result: lots of email accounts for Spammer X.

As long as the CAPTCHA is not impossible, people will process them for you for almost free.

The Register has a slightly different take

John Leyden at The Register has a slightly different take on this story. Essentially Websense is a company trying desperately to sell its "security products" through a campaign of FUD and blatantly obvious "alerts". I think most people here see this as the latter, while most of Websense's target audience probably fall into the former target audience.