Spammers Harnessing Web Mail Servers – Gmail & Yahoo! Throttled

It seems like spammers are now moving to automated spam via popular web mail services as a way to bypass IP-blacklisting services.

It’s a large advantage for them as they can still use botnet sources to generate the e-mail but the source IP address will be from a ‘trusted’ domain such as Gmail or Yahoo!.

The growing abuse of webmail services to send spam has led anti-spam services to throttle messages from Gmail and Yahoo!.

Over recent months security firms have reported that the Windows Live CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) used by Hotmail, and the equivalent system at Gmail, have been broken by automated attacks.

CAPTCHAs typically help ensure that online accounts can’t be created until a user correctly identifies letters depicted in an image. The tactic is designed to frustrate the use of automated sign-up tools by spammers and other miscreants.

Obtaining a working Gmail account has a number of advantages for spammers. As well as gaining access to Google’s services in general, spammers receive an address whose domain is highly unlikely to be blacklisted, helping them defeat one aspect of anti-spam defences. Gmail also has the benefit of being free to use.

I think we are only going to see the percentages go up as spammers find it’s more effective to send their junk from web based email services. Now that they can ship out the CAPTCHA breaking to sweatshops in India for peanuts, it’s a good solution to a lot of the problems they face when sending bulk mail.

An analysis of spam trends in February 2008 (the last available monthly figures) by MessageLabs revealed that 4.6 per cent of all spam originates from web mail-based services.

The proportion of spam from Gmail increased two-fold from 1.3 per cent in January to 2.6 per cent in February, most of which spamvertised skin-flick websites. Yahoo! Mail was the most abused web mail service, responsible for sending 88.7 per cent of all web mail-based spam.

It was first thought that automated tools were used by spammers to defeat security checks and establish webmail accounts that might later be abused to send junk. More organisations are coming around to the theory, first floated by Brad Taylor, a Google software engineer, that bots are signing up for accounts before sending the puzzles to real people.

It costs them as little as $4 a day to hire someone to break CAPTCHAs from the webmail sites. It’s a known fact they are making huge amounts of money, so this is a small payout for them to ensure more mail gets past traditional spam filters.

Source: The Register

Posted in: Exploits/Vulnerabilities, Spammers & Scammers



8 Responses to Spammers Harnessing Web Mail Servers – Gmail & Yahoo! Throttled

  1. Ian Kemmish April 10, 2008 at 1:53 pm #

    Given the well-publicised inability of 118118’s Indian operatives to understand even simple allusions, maybe the answer is to replace captchas with simple but culturally-localised quiz questions — the sort that win you a few quid on “Who Wants to be a Millionaire” for example.

  2. Morgan Storey April 10, 2008 at 3:20 pm #

    You only need to look at Jdownloader to see a working AI CAPTCHA in action. It gets about 90% of them, then you can farm the rest off to manual labor, or another one I heard of is just repost the CAPTCHA image to a porn site asking users to verify they are human before entering, or posting it to a game that loads one via the bot.

  3. fever April 10, 2008 at 4:39 pm #

    It was only a matter of time before someone figured out how to do it. There is no security system that is safe against time, it is the one true adversary.

  4. zupakomputer April 10, 2008 at 5:05 pm #

    Sounds like another ploy to ensure that free anonymous e-mail accounts become fewer and fewer; same thing was done to many a discussion forum a few years back.
    There were loads of high-profile forums that allowed posts to be made without needing an account – they all began being abused by disrupters and spammers in exactly the same manner (eg – using other people’s handles and replying abuse to loads of threads, posting the same messages over and over again), and the only way those running the boards knew how to cope with it was to enforce verified accounts – so now if you want to use those places you’re stuck with one username and all that census-taker crapola.

    imdb is one of the worst of all – they got bought over by Amazon when all that bs was going down, and now you need a credit card or mobile phone number to get a fricking discussion board account there.

    The ‘powers that be’ don’t like people being able to hold anonymous communications; they want them all to be rank and filed and stuck with the one name / ID.

    The spam scams are just part of that usual tactic – organised disruption leading to privacy crackdowns. Nobody needs spam mail to remind them where to get porn online; if you want porn you can find it easy no problem. Ditto for gambling and those types of meds the spam mails all advertise.

  5. fever April 11, 2008 at 3:38 am #

    I think you got it right, zupakomputer; it would be a great way to reduce internet freedoms also. Make the internet full of spammers and take away all of the freedoms in order to catch them.

  6. zupakomputer April 11, 2008 at 6:10 pm #

    It stands to reason: they’re flipsides of one another.

    One half of their brain wants to control other people, the other half of their brain is the opposite of that – the disrupter, the spammer, the abuser.

    They flip-flop between those dynamics to control the normal people, who are only wanting to get on with life, quietly and without any fuss.

    It’s always the same tried old drama with them: divide and rule, divide and rule.

    I say ‘square and compass’ to all the divide-and-rulers.

  7. fever April 11, 2008 at 11:44 pm #

    Well put.

    Give the people an enemy, and I mean really point the finger at a particular group, and you will get the people to willingly give up almost anything to rid themselves of the “threat”. It has been done time and time again.

  8. gbiondo April 12, 2008 at 10:19 am #

    I want to assume that the MTA is properly installed and implemented – after all, we are speaking of Y! and G.

    Spam is indeed a long time debated phenomenon, and nothing new can be said – but let’s focus on a couple of factors:

    a) A spammer is theoretically forced by spam filters to use heavily his new/stolen/whatever account just for a small amount of time – usually only once. If you want to model it mathematically, you can think about it as the Dirac delta function: its value is always 0, except on the origin, in which it tends to +inf. It’s chiefly an impulse.

    b) Let’s assume that a normal user does not forward the same message to 1000 people – the exceptions to this assumption can be treated as they are: exceptions!

    Given these basic considerations, maybe the best way to act is on the MTA, maybe implementing anti-impulse controls. This is not a holistic solution by itself, indeed, and it also introduces other kinds of problems, such as exception handling, but it can help mitigate the phenomenon.
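One way to build the "anti-impulse" control gbiondo describes, as an added example that is not from the post or its commenters: a per-account sliding window over outbound recipient counts on the MTA, which flags an account the moment its recent sends exceed a burst limit and skips known bulk senders as the "exceptions" he mentions. The log format, account names, window and threshold are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # how far back an account's sends are counted
BURST_LIMIT = 500               # recipients allowed per account inside WINDOW
ALLOWLIST = {"newsletter-bot"}  # known legitimate bulk senders (the "exceptions")

# Constructed outbound-mail log: ISO timestamp, sending account, recipient count.
# "freshacct42" shows the impulse shape: nothing, then a burst, then nothing.
SAMPLE_LOG = """\
2008-04-12T10:00:01 alice 1
2008-04-12T10:00:05 freshacct42 250
2008-04-12T10:00:09 alice 3
2008-04-12T10:00:12 freshacct42 300
2008-04-12T10:00:20 newsletter-bot 1000
2008-04-12T10:00:40 freshacct42 450
2008-04-12T10:01:30 alice 2
2008-04-12T10:10:00 freshacct42 100
"""

def parse_line(line):
    ts, account, rcpts = line.split()
    return datetime.fromisoformat(ts), account, int(rcpts)

def detect_impulses(lines, window=WINDOW, limit=BURST_LIMIT, allowlist=ALLOWLIST):
    """Return (account, timestamp, recipients_in_window) for every send that
    pushes a non-allowlisted account over `limit` within the trailing `window`."""
    history = defaultdict(deque)   # account -> (ts, rcpts) entries still inside window
    totals = defaultdict(int)      # account -> recipients summed over those entries
    flagged = []
    for line in lines:
        if not line.strip():
            continue
        ts, account, rcpts = parse_line(line)
        if account in allowlist:
            continue               # treat known bulk senders as exceptions
        q = history[account]
        q.append((ts, rcpts))
        totals[account] += rcpts
        # Expire sends older than the window so a quiet account's old burst
        # does not keep it flagged forever; only the current impulse counts.
        while q and ts - q[0][0] > window:
            _, old = q.popleft()
            totals[account] -= old
        if totals[account] > limit:
            flagged.append((account, ts, totals[account]))
    return flagged

if __name__ == "__main__":
    for account, ts, total in detect_impulses(SAMPLE_LOG.splitlines()):
        print(f"{ts.isoformat()} {account}: {total} recipients in window, throttle")
```

The 10:10:00 send is not flagged because the earlier burst has aged out of the window, which is the behaviour that keeps a one-off impulse from penalising an account indefinitely.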