Interesting People mailing list archives
more on Yahoo IM "spoofing", "SPIM", and redirect
From: David Farber <dave () farber net>
Date: Tue, 21 Feb 2006 19:12:23 -0500
Begin forwarded message: From: Travis Winfrey <winfreyt () yahoo com> Date: February 21, 2006 6:35:47 PM EST To: dave () farber net Subject: Re: [IP] Yahoo IM "spoofing", "SPIM", and redirect Reply-To: Travis Winfrey <winfreyt () yahoo com>I little out of date, but I ran this by my security person at work, and he said:
Look at any e-mails you get from Yahoo – including emails sent to you from Yahoo users. Look at the footer, and you’ll see some Yahoo advertisement of some kind and a URL. The URL uses the redirector. The redirector has no restrictions whatsoever. Typically when Yahoo uses it, it redirects to another yahoo.com address.
I configured Postfix to look for these redirector addresses in e-mail and reject mails if the redirected address is not itself a Yahoo address.
Spammers have been using these redirectors since the day Yahoo (and eBay) made them available. Why they don’t add restrictions, I can’t imagine.
----- Original Message ---- From: David Farber <dave () farber net> To: ip () v2 listbox com Sent: Thursday, January 19, 2006 3:12:52 PM Subject: [IP] Yahoo IM "spoofing", "SPIM", and redirect Begin forwarded message: From: Tracy Hall <tracy () broadbandphysics com> Date: January 19, 2006 4:22:47 PM EST To: dave () farber net Subject: Yahoo IM "spoofing", "SPIM", and redirect You may have already seen something like this: I just received an IM on Yahoo from a "ychat_violation_dept_yq4", claiming to be from Yahoo!, and claiming to have have received "...multiple reports of abuse...", and asking me to click on a link "...to avoid terminating your account...". The link? Starts off simple enough: ht|p://in.rd.yahoo.com/in/fp/dir/ But in full : ht|p://in.rd.yahoo.com/in/fp/dir/?ht|p://tjek.nu/7k ["|" sub'ed for "t" to make sure nothing turns them into active links] In other words, using a "legitimate" yahoo address to re-direct to, well, wherever-the-heck it redirected to. I've tested that it does re-direct by sub'ing my own URL for the "tjek.nu" one, and it does do so, without any message, warning, information or option. 'Course, I don't click *any* link without checking it six-ways-from- sunday, but still... Tracy Hall ------------------------------------- You are subscribed as winfreyt () yahoo com To manage your subscription, go to http://v2.listbox.com/member/?listname=ipArchives at: http://www.interesting-people.org/archives/interesting- people/
------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on Yahoo IM "spoofing", "SPIM", and redirect David Farber (Feb 21)