D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] Joining the Yahoo! spammers club

 


On Apr 25, 2013 10:34 PM, "Simon Waters" wrote:
> Trouble is, whilst Yahoo have more pieces of the puzzle than we do, the
> only people we know "must" know are the spammers themselves. The
> information must be coded in the software doing the spamming, although
> possibly obliquely.

Not necessarily. It could be one group of crooks sending the spam buying credentials off another group who have hacked the accounts. Given the correct credentials it doesn't take rocket science to send to spam. (It does take a botnet to get past the rate-limiting Yahoo presumably put in place.)

You can buy credentials in bulk on the black market. Last I heard the prices weren't more than a few tenners for a thousand accounts. When I saw them Yahoo was a bit cheaper than Gmail, but the difference wasn't huge. I haven't seen any recent prices; would be interesting to see what happens to Yahoo.

I have measured spam sent from compromised Yahoo accounts being a factor 40 worse than Gmail.

> On the upside that it isn't happening from Google, or AOL, or Microsoft,
> on a similar scale suggests that they are running a tighter ship (or the
> spammers have it in for Yahoo, or maybe insider knowledge?).

I suspect it could be insider knowledge. IIRC Yahoo had some issues some time ago with stuff leaking through a subsidiary. Could be something like that. Yahoo is big. And, judging from the stories, a bit of a mess.

> Interesting reading...
> http://www.nznewsuk.co.uk/business/?id=39401&story=Telecom-to-keep-Yahoo--email-service-after-hacking-review

I wonder if people don't just consider these hacks as their own fault.

Martijn.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq