by tlow 4786 days ago
FTA: No. It is not a fitting explanation for spam or phishing prevention. The author claims that these sites rarely use https.

Furthermore, they used test URLs containing hypothetical login credentials and showed how Skype would get access to these.

The last troubling bit the author points out is that there seemed to be anomalous traffic to URLs shared in a Skype conversation, where a Microsoft IP seemed to attempt what they call a "replay attack".

2 comments

> It is not a fitting explanation for spam or phishing prevention.

It is very common for spammers to break into other websites (using a simple, well-known exploit) and create links redirecting to the site hosting the malware. So a site should not be excluded just because it has SSL.

Edit: "should" -> "should not"

Is it possible that you meant to say not as in "a site should not be excluded just because it has SSL"?

Yup sorry, that is what I meant to write: "should not".

Because "rarely" means "they should just ignore them - no malware hoster would ever use HTTPS, especially not if they ever figured out that Microsoft was only checking HTTP URLs". Also, anyone sending log-in information in a GET request is doing it wrong.