Spammers Abusing Yahoo’s Mail Servers to Escape Detection

According to internet security company, MessageLabs, spammers are exploiting Yahoo's mail servers in order to get pass filters. By digitally signing their e-mails by employing Yahoo's DKIM (Domains Key Identified Mail), a persuasive spam filter, the spammers try to present their e-mail as legitimate.

Security researchers at MessageLabs showed that spammers, instead of sending their e-mails through Yahoo's Web front, are relying on the company's Simple Mail Transfer Protocol (SMTP) servers with which Yahoo users can operate any e-mail system.

Almost all the spam distributed through this mode by using Yahoo Mail is from the Yahoo! Plus server that represents a premium service. To set up Yahoo accounts, e-mail spammers are employing automatic scripts that manage to crack the Completely Automated Turing Test to Tell Computers and Humans Apart or CAPTCHA system.

In doing that, the usual Yahoo ad banners are stripped out while the e-mail is validated as legitimate, so that it bypasses the standard spam filters. Any user owning a typical Yahoo account can further validate to the Yahoo Plus servers and transmit e-mail, without even having to pay the service charge.

In April 2008, MessageLabs discovered that about 1,127 Yahoo user addresses were used to dispatch this new type of spam for more than 28 days. Since then, approximately 40 new addresses are being created each day while the user IDs are not shared among the different poisoned computers.

Specifically, the spam clan that is employing this new tactic of spamming is called Canadian Pharmacy uses Yahoo's servers. This coterie used at least 1,100 specially produced e-mail accounts over the whole period.

According to Mark Sunner, Chief Security Analyst, MessageLabs, the Yahoo accounts pertaining to a single domain of @yahoo.co.uk seem as though they have been generated of their own, as reported by C/Net on May 7, 2008. That means the malicious hackers have been able to defeat Yahoo's CAPTCHA program.

However, in much the same news, MessageLabs also announced that in April 2008, the Storm botnet dramatically dropped to 5% of its actual size, whereas Web-based malware went up 23.3%. Hence, users need to up-to-date their security software to stay safe.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 5/15/2008