Security News > 2021 > October > Microsoft called out as big malware hoster – thanks to OneDrive and Office 365 abuse

Microsoft has been branded as "The world's best malware hoster for about a decade," thanks to abuse of the Office 365 and Live platform, as well as its slow response to reports by security researchers.

TheAnalyst noted that a BazarLoader malware campaign was hosting its malware on Microsoft's OneDrive service.

The latest statistics show that Microsoft has the worst reaction time of any in the top ten sites hosting the most malware urls, at over 29 days.

According to the figures, Google hosts more malware and is also slow to remove it, but with a 14-day response time it is twice as quick as Microsoft.

Ch, which runs URLhaus, said "For the record, the oldest active malware site with an age of 19 months is hosted on Sharepoint and serving GuLoader." It added: "I've seen an increase of 10 new malware sites hosted at MS over the weekend. Whatever they do with these reports filled out through the MSRC API, it is definitely not automated." MSRC is the Microsoft Security Response Center.

The Microsoft sites hosting malware use OneDrive accounts that might have been created specifically for the purpose, or hijacked from legitimate users.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/10/18/microsoft_malware_brand/