Lame Yahoo social engineering scam

Scott Call scall at devolution.com
Sat Feb 7 20:34:05 UTC 2004


I just got the following in my throw-away yahoo account:

    Dear* YAHOO Users,

    Th!s _email _inform_ you that your_ _Yahoo_ ID (xxxxx at yahoo.com)
will be b|ocked after 12 D at YS (@S @FTER autoomateed reegisttration) if you
w1ll
not sign up on YAHOO! WHITE LIST (T0 s!gnup - Click Here:
http://xxxxx.yahoo.com/)

This is done beecause we* update now` YAHO0! _not_ autoomateed reegistered
user ids.

cGTaXb0T1

---------

The URL is an encoded URL that of course points elsewhere.

My question is who is stupid enough to actually respond to an email
written in 'leet speak like this.

My other (and more important) question is, does this indicate yahoo's mail
reader suffers from the same URL obscufation bug that IE and Outlook have?
(I say have because all they did was turn of auth in URLs, not fix the
problem)

Also, as a side note I think I've found an interesting spammer/MyDoom
connection.  Thursday overnight somebody sent a pile of spam with my
return address.  Luckily nobody bothers to complain to the sender address
anymore but I still had to deal with 100+ bounce messages.  Anyways, this
morning I had a pile of MyDoom bounces in my mailbox.  So I'm wondering if
whatever master joe-job list the spammers use (since there seem to be just
a couple of remotely accessed repositories in my investigations) is also
used by MyDoom.

-Scott

-- 
Scott Call	Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814




More information about the NANOG mailing list