Yahoo Groups Spam

While the dominant Internet email providers (Hotmail, MSN, AOL, Gmail & Yahoo) frequently talk about their commitment to fighting spam, they are actually amazingly inattentive to the rampant spam abuses allowed and enabled by their own systems.

We only occasionally point out examples of how sloppy, permissive and ineffectual these firms are with regard to spam, because thoroughly documenting the spam faults of these enterprises would be a full-time job in and of itself.

That said, from time to time the abuses are just so obvious (easy to spot and catch), rampant and perpetual that we can’t help but wonder if they even deploy more than 2 or 3 high-school summer interns to their entire anti-abuse efforts.

We realize that they all do expend effort on filtering inbound spam emails before they reach their own users. Where they are apparently asleep at the wheel is in preventing their systems from being abused by spammers to send out emails and/or to host spam landing pages.

The latest example of such unchecked abuse is the spammers using Yahoo Groups to host and promote online sales of spammed pharmaceuticals (or at least brightly colored pills claiming to be the real thing).

The first clue you’re receiving such spam will be the short and cryptic subject line, often making little sense and pretending to be a response or forwarded email, such as:

Subject:      Re: What?up?

The next obvious thing that makes these so easy to spot is the completely nonsensical sender address, like:

From:     “Aldo Cramer” <slkdjflk@gmail.com>

Note that the Pretty Address (the display name) used here isn’t even remotely related to the email address. The address is itself spoofed: the message actually came from an infected overseas zombie PC that is part of a larger worldwide botnet:

from [189.99.100.56] (helo=ip-189-99-100-56.user.vivozap.com.br)

As for the email itself, it’s a short and straightforward spam, reading:

Talk with your partner before you finally choose the treatment for your erectile dysfunction.

http://health.groups.yahoo.com/group/vdmike020974mdd/message

Ahmed Rutherford

As simple as this email campaign is, the introduction line and the claimed sender will be highly randomized in an effort to evade spam filtering.

While the sender, subject, mail server and content vary greatly, what is consistent is the longstanding and ongoing abuse of Yahoo Groups as a convenient place to host landing pages for these spam emails. The specific example above may eventually be taken down, so here’s a screenshot of what Yahoo is hosting in growing numbers:

Yahoo Health Groups Spam

These images are displayed on the Group’s landing page, but are actually linked to outside image hosting sites. The one above is actually hosted at:

http://file.zigzagz.net/photo/original/2010063005174652172730.jpg

And the advertisement itself links to any number of outside sites used by the spammers to take orders.

It is this unique combination of circumstances that should make these an absolute no-brainer for Yahoo to catch and remove.  Consider how incredibly obvious the clues are:

  1. A large image displayed on the Group homepage
  2. The image is hosted on outside services
  3. The image is hyper-linked to known spammer sites
  4. Little, if any, additional content exists on the “Group” page

Making it even easier to identify such spam abuses, these groups generally have no members, no posts and no other activity either. They are put in place solely to function as spam landing pages for spam email campaigns and are pretty easy to find if Yahoo cared about such abuses and bothered to look.
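To show how mechanical these clues are to check, here is an added example (not code from Yahoo or from the original article) that scores a group page against them. The sample pages, the `.example` hosts, the blocklist and the 200-character "thin content" threshold are constructed assumptions, and image size is not measured.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

class PageScan(HTMLParser):
    """Collects (img src, enclosing link href) pairs and the visible text length."""
    def __init__(self):
        super().__init__()
        self.open_links, self.linked_images, self.text_chars = [], [], 0

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a":
            self.open_links.append(attrs.get("href") or "")
        elif tag == "img" and self.open_links:
            self.linked_images.append((attrs.get("src") or "", self.open_links[-1]))

    def handle_endtag(self, tag):
        if tag == "a" and self.open_links:
            self.open_links.pop()

    def handle_data(self, data):
        self.text_chars += len(data.strip())

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def is_offsite(url, site):
    host = host_of(url)
    return bool(host) and host != site and not host.endswith("." + site)

def score_group(html, members, posts, blocklist, site="yahoo.com", max_text=200):
    """Return the list of clues from the article that this group page matches."""
    scan = PageScan()
    scan.feed(html)
    clues = []
    if any(is_offsite(src, site) for src, _ in scan.linked_images):
        clues.append("offsite_image")          # clues 1 and 2: linked image hosted elsewhere
    if any(host_of(href) in blocklist for _, href in scan.linked_images):
        clues.append("links_to_listed_site")   # clue 3: image links to a listed spam site
    if scan.text_chars < max_text:
        clues.append("thin_content")           # clue 4: little other content
    if members == 0 and posts == 0:
        clues.append("no_activity")            # no members, no posts
    return clues

# Constructed sample pages; hosts under .example are placeholders.
SPAM_PAGE = '<html><body><h1>vd group</h1><a href="http://shop.pills.example/order"><img src="http://img.host.example/ad.jpg" width="800"></a></body></html>'
REAL_PAGE = ('<html><body><h1>Hiking club</h1><p>' + "Trip reports and gear talk. " * 20 +
             '</p><a href="http://groups.yahoo.com/group/hike/photos"><img src="http://groups.yahoo.com/img/logo.gif"></a></body></html>')
BLOCKLIST = {"shop.pills.example"}
```

A page matching all four clues is a strong candidate for review; any single clue alone (for example a new group with no posts yet) is not.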

We would understand if it took Yahoo a couple of hours (a virtual eternity in CPU cycles) to notice and remove such bogus “Groups” – or maybe even a day. Unfortunately, Yahoo not only makes it much too easy for spammers to create these bogus “Groups” in the first place, but then also allows them to remain online, almost indefinitely.

A few keyword searches from within Yahoo Groups will easily find both spam Groups and Posts going back a year or more, making it entirely possible that they don’t even assign high school summer interns (or anyone else) to the task of keeping their Yahoo Groups free from such spam abuses.

In fact, there may be no real enforcement effort whatsoever. Perhaps Yahoo simply looks the other way in order to be able to count these endless bogus Groups and Posts as part of their overall Internet footprint.

Meanwhile, it’s the rest of the Internet users that have to suffer the consequences created by Yahoo (and others) providing tools for spammers to abuse and then doing little or nothing to clean up even the most obvious of abuses on their network.

- -

OnlyMyEmail is an award-winning hosted spam filtering service and business email hosting provider. Our enterprise cloud computing anti-spam solution, the MX-Defender, has the highest capture rate of any spam filter ever tested in the VBSpam Challenge, blocking a record-setting 99.9993% of all malicious and junk email.

Our Personal spam filtering system is also a Software as a Service (SaaS) solution and has won both the PC World "World Class Award" and also the PC Magazine "Editor's Choice Award."

OME-Kids is a webmail solution that protects children from spam and other harmful emails. OME-Kids offers unique Parental Controls that allow you to choose the level of security and oversight that's right for your child.
