There’s nothing particularly new about Yahoo! group spam (no, wait, don’t go yet!) and I haven’t wasted much time on it so far, as what I’ve seen is pretty crude.
But I’ve been noticing an increasing number of emails to one of my most visible accounts welcoming me to groups with random names: stuff like this.
From: nrtxiwolc Moderator <nrtxiwolc-owner[@]yahoogroups.com>
Subject: Welcome to the nrtxiwolc group
I’ve added you to my nrtxiwolc group at Yahoo! Groups, a free, easy-to-use service. Yahoo! Groups makes it easy to send and receive group messages, coordinate events, share photos and files, and more.
Description of the group:
uonrpiwkzvwivq pjkgaoqnavhhmaekdqfbxdeeavk nudwaa
Important information about the nrtxiwolc group
[Apparently standard Yahoo! groups information on sending a message to the group, unsubscribing, learning more about the group, viewing and modifying all my groups]
[Apparently the standard Yahoo Report abuse note]
While I haven’t taken any action on these to date, I’ve done a little reading round on the subject, and found a pretty comprehensive note at Ikillspammers from someone who’s evidently gone a lot further down this road and met with some frustration. The note goes way back to July, so I wondered if Yahoo!’s handling of the problem had changed and maybe even improved? So I wended my way to its abuse reporting form (starting from one of its official pages, of course, rather than the link in the message – if the message is suspect, obviously all the links are too).
I pasted the headers and message into the form and got an auto-response saying that I’ll get a response in 48 hours: we’ll see…
In the meantime, I checked back on my spam trap for that email account, and sure enough, there’s a whole load of spam apparently originating in China and mailed to this group and the many others to which I’ve apparently been subscribed. I checked out this particular group and discovered that in the last seven days, there were 20 new members (41 members altogether) and 21 new messages, of the same delightfully incomprehensibly ideogrammatical type. That isn’t much, considering the volumes of spam from all sources that hit that account, but when you multiply that by the hundreds of such groups that are apparently being created on a daily basis, you start to get a feeling for the scale of the problem.
What can you do about this, if you’re having the same problem? Well, you can report each case of abuse individually, but that might prove a little time-consuming. Or you can unsubscribe from each group by sending a blank message to [groupname]-firstname.lastname@example.org. You can filter all mail with yahoogroups URLs, though that may be problematical if you’re actually a member of legitimate groups.
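One way round the legitimate-groups problem is to filter on the group name in the sender address rather than on any yahoogroups URL. The sketch below is an added example, not part of the original post: the allowlist names, the randomness heuristic and its thresholds, and the sample message are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: groups you knowingly joined (hypothetical names).
LEGITIMATE_GROUPS = {"gardening-tips", "av-research"}

# Moderator address of the form <group>-owner@yahoogroups.com, as in the sample above.
OWNER_ADDR = re.compile(r"^(?P<group>[a-z0-9_-]+)-owner@yahoogroups\.com$", re.I)

def group_from_sender(raw_message):
    """Return the group name taken from the From: address, or None."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    match = OWNER_ADDR.match(addr)
    return match.group("group").lower() if match else None

def looks_random(name):
    """Heuristic of this example only: few vowels or a long consonant run."""
    letters = re.sub(r"[^a-z]", "", name.lower())
    if len(letters) < 6:
        return False  # too short to judge either way
    vowel_ratio = sum(c in "aeiou" for c in letters) / len(letters)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", letters)), default=0)
    return vowel_ratio < 0.25 or longest_run >= 5

def classify(raw_message):
    """Return 'deliver', 'quarantine', 'review' or 'not-yahoogroups'."""
    group = group_from_sender(raw_message)
    if group is None:
        return "not-yahoogroups"
    if group in LEGITIMATE_GROUPS:
        return "deliver"  # allowlisted groups are never filtered
    subject = message_from_string(raw_message).get("Subject", "").lower()
    if subject.startswith("welcome to the") and looks_random(group):
        return "quarantine"  # unsolicited welcome from a gibberish-named group
    return "review"  # unknown group with a plausible name: leave it to a human

# Constructed sample modelled on the welcome message quoted above.
SAMPLE = (
    "From: nrtxiwolc Moderator <nrtxiwolc-owner@yahoogroups.com>\n"
    "Subject: Welcome to the nrtxiwolc group\n\n"
    "I've added you to my nrtxiwolc group at Yahoo! Groups.\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Quarantined messages still carry the headers you would need for an abuse report, so the filter doesn’t close off that option.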
But making a real dent in the problem is going to require more diligence from Yahoo! Perhaps a streamlining of the reporting process: it seems that it’s much easier to create a group than report abuse. So certainly a tightening up of the group creation process. How about it, guys?
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Author David Harley, ESET