My first phishing spam that exploits the YouSendIt service

Today, I received my first instance of malware using YouSendIt. I don’t blame the service, any more than you should blame carriers for regular email spam.

I’m a major fan of the YouSendIt service, which is an FTP replacement. You use the service to upload a file, either via a browser or their Express client for Mac/Windows. The file can be huge — up to 100MB with a free account, or up to 2GB for paid accounts. After the file is uploaded, YouSendIt sends an email notification to the recipient(s), and they can retrieve it at their leisure via HTTP download.

I use YouSendIt all the time to send large digital files, including photographs, to my colleagues. (You can read my comments about the Express client here.)

In the case of today’s phishing spam, the email I received was a valid file notification sent via YouSendIt. The problem is that the sender was a spammer, and the payload was a Word document that was a phishing attempt.

The particulars:

• The subject line, as entered by the spammer: Emergency From Mrs. Aisha Al-obeid ( Iraq Woman Read It Well)
• The return address given by the spammer: email hidden; JavaScript is required
• The name of the Word document: Attn from iraq woman.doc
• The message body: Dear please download the file and read my mail, I want to invest in your country from Iraq woman

The Word doc contained was the usual type of phishing message. You’ve seen them hundreds of times.

If you get a message like that, don’t just put it into your junk/spam folder, or block the sender (which really is email hidden; JavaScript is required). Otherwise you might not get future legitimate, file notifications sent by YouSendIt. Just delete the message.

It’s a shame that the YouSendIt service is being abused this way. I hope YouSendIt finds a way to filter out such messages in the future, perhaps by disabling the sending of anonymous or non-verified messages.