If you tell enough stories, perhaps the moral will show up.

2009-05-15

Password-Stealing Spam

Big current spam trick: The stolen webmail account.

Hotmail etc. make it hard to register accounts for spamming, so a lot of mail out of their relays isn't spam. And that means that spam detectors score mail coming through those gateways more favourably -- if it's truly from Hotmail, it's much less likely to be spam. So we're seeing a resurgence -- it feels like 1998 -- of spam from public webmail services. On examination, this spam turns out:

  • To be from a real MSN/Hotmail/Yahoo account (they're not just spoofing addresses -- that wouldn't work)
  • To be pushing Chinese electrical goods (if it was stiffy lollies, the language would push the spam balance back to "block")
  • To be sent entirely from Chinese IP addresses. Whether the account is .fr, .co.uk, or whatever, it's all pirated from China.
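
An added example, not part of the original post: one way a filter could withhold the webmail-relay credit when the account's country-code domain and the sending IP's country disagree, as in the traits listed above. The GeoIP table, score values and sample messages are constructed, and reading the client address from an `X-Originating-IP` header is an assumption about what the provider stamps on outgoing mail.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for a GeoIP database (RFC 5737 documentation ranges).
GEO = {
    ipaddress.ip_network("192.0.2.0/24"): "FR",
    ipaddress.ip_network("198.51.100.0/24"): "GB",
    ipaddress.ip_network("203.0.113.0/24"): "CN",
}
WEBMAIL = ("hotmail.", "msn.", "yahoo.")  # providers named in the post
CCTLD = {"fr": "FR", "uk": "GB"}          # account ccTLD -> expected country
RELAY_BONUS = -2.0       # hypothetical credit for a trusted relay (lower = less spammy)
MISMATCH_PENALTY = 3.0   # hypothetical penalty when account and origin disagree

SAMPLES = {  # constructed messages, not real mail
    "stolen": "From: A <a@hotmail.fr>\nX-Originating-IP: [203.0.113.7]\n\nbody\n",
    "normal": "From: B <b@yahoo.co.uk>\nX-Originating-IP: [198.51.100.20]\n\nbody\n",
    "other": "From: C <c@example.org>\n\nbody\n",
}

def country_of(ip_text):
    """Map an IP string (optionally in [brackets]) to a country code, or None."""
    try:
        ip = ipaddress.ip_address(ip_text.strip().strip("[]"))
    except ValueError:
        return None
    return next((cc for net, cc in GEO.items() if ip in net), None)

def score(raw):
    """Return (score adjustment, reason). Assumes the relay itself was already
    verified as the provider's, so the From domain is not merely spoofed."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not domain.startswith(WEBMAIL):
        return 0.0, "not webmail"
    origin = country_of(msg.get("X-Originating-IP", ""))
    expected = CCTLD.get(domain.rsplit(".", 1)[-1])
    if origin is None or expected is None:
        return RELAY_BONUS, "webmail relay, nothing to compare"
    if origin != expected:
        return MISMATCH_PENALTY, f"{domain} account used from {origin}"
    return RELAY_BONUS, "webmail relay, origin matches"

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, score(raw))
```
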

I wrote about this, from the other side, last year. But this is more sophisticated, going to big lists, not just address books.

Just another penalty of being spywared.
