Posted to users@spamassassin.apache.org by Steve Prior <sp...@geekster.com> on 2013/03/01 02:34:19 UTC

Re: Yahoo single link spam

On 2/23/2013 10:56 AM, Kevin A. McGrail wrote:
> I am 100% certain that it is compromised accounts on yahoo where they steal the
> address books. They then seem to cross correlate and use common last names to
> mail people using other compromised yahoo accounts. Though I need to check if
> they have started forging as well through other servers.
>
> I have seen a lot of these examples and have specific patterns that make this
> the only possibility.
> Regards,
> KAM


I've just confirmed that I received the single link Yahoo spam between me and 
someone else where neither of us had the other in each other's Yahoo address 
book, so the only thing this had to do with Yahoo was that a third party Yahoo 
account was used to send the spam.  In fact the person who I supposedly got the 
email from was a pretty recent contact of mine and we had pretty much only 
communicated with each other via LinkedIn and Facebook.

I'm really starting to suspect that these spammers are scraping your public 
posts on Facebook and grabbing the names of people that commented on those 
posts, then using a Yahoo account and setting that name on the account before 
sending the spam.  The only issue is how do they find the legitimate email 
addresses of the person to send the spam to.  I wouldn't be at all surprised to 
hear that this had something to do with a Facebook app people let have access to 
their account info.

Steve

Re: Yahoo single link spam

Posted by Martin Gregorie <ma...@gregorie.org>.
On Thu, 2013-02-28 at 20:34 -0500, Steve Prior wrote:

> I'm really starting to suspect that these spammers are scraping your public 
> posts on Facebook and grabbing the names of people that commented on those 
> posts, then using a Yahoo account and setting that name on the account before 
> sending the spam.  The only issue is how do they find the legitimate email 
> addresses of the person to send the spam to.  I wouldn't be at all surprised to 
> hear that this had something to do with a Facebook app people let have access to 
> their account info.
> 
That's not the only mechanism they're using. I don't use any social
networking sites yet I get a small amount of spam sent via Yahoo too. In
my case the forged sender has usually been presented as a member of a
mailing list I subscribe to, though the last example had got my address
via a virus or trojan on a friend's Windows box and somehow knew that he
sends sport-related multiply addressed e-mails from time to time: the
spam's subject line looked as if it was one of them and the only real
giveaway was that the single line payload pushed a Romanian site when
the genuine e-mails are exclusively about British topics.

Martin