Yahoo Group Spam

There’s nothing particularly new about Yahoo! group spam (no, wait, don’t go yet!) and I haven’t wasted much time on it so far, as what I’ve seen is pretty crude

But I’ve been noticing an increasing number of emails to one of my most visible accounts welcoming me to groups with random names: stuff like this.

From: nrtxiwolc Moderator <nrtxiwolc-owner[@]yahoogroups.com>
Reply-To: nrtxiwolc-unsubscribe[@]yahoogroups.com
Subject: Welcome to the nrtxiwolc group

Hello,

I’ve added you to my nrtxiwolc group at Yahoo! Groups, a free, easy-to-use service. Yahoo! Groups makes it easy to send and receive group messages, coordinate events, share photos and files, and more.

Description of the group:
————————————————————————
uonrpiwkzvwivq pjkgaoqnavhhmaekdqfbxdeeavk nudwaa

Important information about the nrtxiwolc group
————————————————————————

[Apparently standard Yahoo! groups information on sending a message to the group, unsubscribing, learning more about the group, viewing and modifying all my groups]
 

Regards,

Moderator, nrtxiwolc

[Apparently the standard Yahoo Report abuse note]

While I haven’t taken any action on these to date, I’ve done a little reading round on the subject, and found a pretty comprehensive note at Ikillspammers from someone who’s evidently gone a lot further down this road and met with some frustration. The note goes way back to July, so I wondered if Yahoo!’s handling of the problem had changed and maybe even improved? So I wended my way to its abuse reporting form (starting from one of its official pages, of course, rather than the link in the message – if the message is suspect, obviously all the links are too).

I pasted the headers and message into the form and got an auto-response saying that I’ll get a response in 48 hours: we’ll see…

In the meantime, I checked back on my spam trap for that email account, and sure enough, there’s a whole load of spam apparently originating in China and mailed to this group and the many others to which I’ve apparently been subscribed. I checked out this particular group and discovered that in the last seven days, there were 20 new members (41 members altogether) and 21 new messages, of the same delightfully incomprehensibly ideogrammatical type. That isn’t much, considering the volumes of spam from all sources that hit that account, but when you multiply that by the hundreds of such groups that are apparently being created on a daily basis, you start to get a feeling for the scale of the problem.

What can you do about this, if you’re having the same problem? Well, you can report each case of abuse individually, but that might prove a little time consuming. Or you can unsubscribe from each group by sending a blank message to [groupname]-unsubscribe@yahoogroups.com. You can filter all mail with yahoogroups URLs, though that may be problematical if you’re actually a member of legitimate groups.

But making a real dent in the problem is going to require more diligence from Yahoo! Perhaps a streamlining of the reporting process: it seems that it’s much easier to create a group than report abuse. So certainly a tightening up of the group creation process. How about it, guys?

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

Author David Harley, ESET

  • http://spamtrackers.eu/wiki/index.php/Yahoo_Groups Mark Giles

    October 21

    This subject is well documented in the wiki at http://spamtrackers.eu/wiki/index.php/Yahoo_Groups

    Yahoo is now achieving a better than 60% removal rate of these spams, and that will improve very soon as they implement measures to address it properly.

  • joe

    @mark – the link you provide doesn't document this phenomena at all – your link describes redirection links sent via yahoo groups.  This article is about people being added to groups they didn't request, using yahoo accounts that they didn't create, a far more serious phenomena!

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

4 articles related to:
Hot Topic
17 Sep 2009
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.