File delivery services potential for spam

Written by Dan Blacharski on May 25, 2009

I recently had a client who needed to send me a huge 50MB file. Emailing such a large file can cause problems for anyone, since it will take a long time to download, and most people actually have file size limits imposed on their email that would prohibit a file that large from coming through. There was a handy solution, however. I just got an email with a link to a URL which pointed to a file sending service, which allowed me to download the file from my web browser at my convenience. I later discovered that this particular service allows files of up to 2GB to be downloaded. Great idea!

But let’s consider the security and spam potential of such services. First of all, these types of services are extremely useful for sending large files back and forth between members of a workgroup. In cases where you’re working on a project, and you know that this is how you are going to be working, it’s invaluable. File size on some large projects can quickly grow to tens or hundreds of megabytes, and emailing them back and forth just isn’t practical. But, like anything, it has the potential for abuse.

Terry Zink’s blog recently carried an entry about a piece of spam that came from one of the big Web email providers and carried a payload hosted by one of these cloud-based file service providers. The scenario is that a spammer sends out random emails which claim that the recipient needs to download a file. The file, however, contains malware of some sort. It could even be used in a directed phishing scheme, where a spammer obtains email addresses from a victim, then sends out emails to all of the victim’s friends and business associates, pretending to be that individual.

So when using these cloud-based file services, there are a few things to consider: First, be sure that you have anti-malware technology in place. Second, if you’re not expecting a file link to come through, then check first to make sure the alleged sender really did send it.

