Microsoft security analyst says Office 365 knowingly hosted malware
Published on October 18, 2021
Hold on to your seats and keep your arms inside the carriage at all times, because this ride is about to get bumpy.
A British tech researcher, who quit working as a security threat analyst with Microsoft a few months back, has called on his former employer to act swiftly and remove links to ransomware on its Office365 platform.
Bet you didn’t see that coming, did you?
Former Microsoft employee exposes ransomware scheme
In a tweet sent on Friday, Beaumont said that Microsoft cannot advertise themselves as the security leader with 8000 security employees and trillions of signals if they cannot prevent their own Office365 platform from being directly used to launch Conti ransomware.
He was, of course, responding to a tweet from an infosec professional using the handle TheAnalyst.
You all have read how #BazarLoader #BazaLoader leads to #ransomware, in particular #conti that doesn’t care that they target healthcare etc? Does @Microsoft have any responsibility in this when they KNOWINGLY are hosting hundreds of files leading to this, now for over three days? https://t.co/UxTDYVIXJF pic.twitter.com/uHUxzHRV8W
According to the security company Palo Alto Networks, BazarLoader (sometimes referred to as BazaLoader) is malware that provides backdoor access to an infected Windows host.
After a client is infected, criminals use this backdoor access to send follow-up malware, scan the environment and exploit other vulnerable hosts on the network.
The overwhelming majority of ransomware targets only Windows: an analysis published last Thursday by the staff of the Google-owned VirusTotal database showed that 95% of the 80 million samples analyzed targeted Windows.
VirusTotal is a site where security researchers can submit any ransomware they find and have it scanned by anti-virus engines to see if it can be identified.
Beaumont, who has a well-earned reputation as a researcher who is quick to admit faults in his own industry, acknowledged that other technology companies also played a big role in hosting malware.
He also said that there’s somebody in the replies from Microsoft saying when things are detected by Defender, they’re automatically taken down in OneDrive.
That’s categorically not true, that functionality isn’t there. Microsoft needs to have a long, hard look at this problem.
There you go. Let’s see how long it takes for MS to get those 867 malware sites taken down. I’m crossing my fingers. For the record, the oldest active malware site with an age of 19 months is hosted on Sharepoint and serving GuLoader: https://t.co/QGqi21z7JO pic.twitter.com/7FlkaZasP4
BazarLoader had moved from Google Drive to OneDrive, according to these recent allegations.
Their content used to be taken down from Google Drive almost instantly because, we, Microsoft, reported it to Google. It is still online, days later, on OneDrive despite being reported, because Microsoft is fumbling it. Fix it.
Asked by Lee Holmes, the principal security architect for Azure Security, whether he had reported this to Microsoft, Beaumont said the Swiss researcher had done so.
I had to do things like send to CERT, get nowhere, send to DSRE, get nowhere, cc in managers etc. O365 has https://abuse.ch takedowns pending for months.
Beaumont added that Microsoft’s attitude towards the presence of malware on its Office365 platform had been like that for years.
@ffforward Did you report these? There are extensive systems to address malicious content (including an abuse reporting API) https://t.co/cSRbLEiLKn
However, this is not a Microsoft-exclusive problem nor a new issue, as we have seen malware hosted on other platforms in the past.
According to research by the Bern University of Applied Sciences, Google and Cloudflare are currently among the top online malware-hosting networks.
As such, the entire tech industry needs to be better about finding malicious content hosted on its servers before looking elsewhere for problems.
In any case, hopefully, this incident will drive Microsoft to decisive action that can help protect millions of people and thousands of organizations from debilitating malware attacks.
What’s your take on this whole situation? Share your opinion with us in the comment section below.
Alexandru Poloboc
Tech Journalist
With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host.
A certified gadget freak, he always feels the need to surround himself with next-generation electronics.
When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.