North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Lame Yahoo social engineering scam

  • From: Scott Call
  • Date: Sat Feb 07 15:36:18 2004

I just got the following in my throw-away yahoo account:

    Dear* YAHOO Users,

    Th!s _email _inform_ you that your_ _Yahoo_ ID ([email protected])
will be b|ocked after 12 [email protected] (@S @FTER autoomateed reegisttration) if you
not sign up on YAHOO! WHITE LIST (T0 s!gnup - Click Here:

This is done beecause we* update now` YAHO0! _not_ autoomateed reegistered
user ids.



The URL is an encoded URL that of course points elsewhere.

My question is who is stupid enough to actually respond to an email
written in 'leet speak like this.

My other (and more important) question is, does this indicate yahoo's mail
reader suffers from the same URL obscufation bug that IE and Outlook have?
(I say have because all they did was turn of auth in URLs, not fix the

Also, as a side note I think I've found an interesting spammer/MyDoom
connection.  Thursday overnight somebody sent a pile of spam with my
return address.  Luckily nobody bothers to complain to the sender address
anymore but I still had to deal with 100+ bounce messages.  Anyways, this
morning I had a pile of MyDoom bounces in my mailbox.  So I'm wondering if
whatever master joe-job list the spammers use (since there seem to be just
a couple of remotely accessed repositories in my investigations) is also
used by MyDoom.


Scott Call	Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814