An Email Spammer’s Delight

Wednesday, October 5, 2011 @ 03:10 PM gHale

Because users consider any email arriving from Yahoo or Google legitimate and useful, spammers take advantage of this to spread malicious messages.

Sophos’ Chester Wisniewski said there has been a higher level of spam email coming from Google Picasa and Yahoo! Groups all attempting to cast spam alerts.

RELATED STORIES
Battle against Botnets
Flying Drone can Attack Wireless Networks
TSA Hikes Wireless Security
Man in the Middle Attack? Not So Fast

In the case of Google’s Picasa, it is simple. A hacker creates a random account that contains text and some attached pictures shared with other members.

That’s how you might end up receiving a large number of Picasa web albums.

Because no one suspects anything sinister coming from the picture manager, it never ends up in the spam folder of the inbox, instead it floods the inbox with all sorts of scam attempts.

With Yahoo! Groups the principle seems a bit more complicated, but spammers can just as easily take advantage of the policy slip.

The rules allow anyone who owns a group to add members without asking for their permission. Instead, after you unknowingly become a part of a group, you have to unsubscribe in order to stop receiving alerts.

Utilization of this mechanism is successful and as Chester pointed out, in many cases it’s not the easiest thing to unsubscribe. Another one of Yahoo’s policies makes certain links expire “to prevent abuse,” thus making it impossible to cancel a subscription.