You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@spamassassin.apache.org by Michael Scheidell <sc...@secnap.net> on 2009/06/20 15:09:23 UTC

interesting phish for yahoo credentials or stupid spammer

spam, with a url link in it that opens up a yahoo.com web mail page and 
asks for yahoo.com credentials.

don't know how that can help spammer, unless spammer is looking to only 
get email from yahoo.com users.

see line 119 (highighted)

http://pastebin.com/m6bb65f86

so, interesting phish or stupid spammer with yahoo.com gooplet installed?


-- 
Michael Scheidell, CTO
Phone: 561-999-5000, x 1259
 > *| *SECNAP Network Security Corporation

    * Certified SNORT Integrator
    * 2008-9 Hot Company Award Winner, World Executive Alliance
    * Five-Star Partner Program 2009, VARBusiness
    * Best Anti-Spam Product 2008, Network Products Guide
    * King of Spam Filters, SC Magazine 2008

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r). 
For Information please see http://www.secnap.com/products/spammertrap/
_________________________________________________________________________

Re: interesting phish for yahoo credentials or stupid spammer

Posted by Steve Freegard <st...@fsl.com>.

Michael Scheidell wrote:
> spam, with a url link in it that opens up a yahoo.com web mail page and
> asks for yahoo.com credentials.
> 
> don't know how that can help spammer, unless spammer is looking to only
> get email from yahoo.com users.
> 
> see line 119 (highighted)
> 
> http://pastebin.com/m6bb65f86
> 
> so, interesting phish or stupid spammer with yahoo.com gooplet installed?
> 

X-Mailer: Zimbra 5.0.9_GA_2533.UBUNTU8_64 (zclient/5.0.9_GA_2533.UBUNTU8_64)

Or just Zimbra trying to be helpful and applying it's 'cool'
linkification on an outbound mail?

Cheers,
Steve.

Re: interesting phish for yahoo credentials or stupid spammer

Posted by mouss <mo...@ml.netoyen.net>.

Michael Scheidell a écrit :
> spam, with a url link in it that opens up a yahoo.com web mail page and
> asks for yahoo.com credentials.
> 
> don't know how that can help spammer, unless spammer is looking to only
> get email from yahoo.com users.
> 
> see line 119 (highighted)
> 
> http://pastebin.com/m6bb65f86
> 
> so, interesting phish or stupid spammer with yahoo.com gooplet installed?
> 


this is not a phish. it's a 419 (AFF). spammer is asking the user to
reply, and being "helpful", spammer provides a ready-to-compose yahoo
link. spammer probably did a cut&paste of a link that works for yahoo
users and thinks it is generic. unless he only targets yahoo users...