Spammers Harnessing Web Mail Servers – Gmail & Yahoo! Throttled


It seems like spammers are now moving to automated spam via popular web mail services as a way to bypass IP-blacklisting services.

It’s a large advantage for them as they can still use botnet sources to generate the e-mail but the source IP address will be from a ‘trusted’ domain such as Gmail or Yahoo!.

The growing abuse of webmail services to send spam has led anti-spam services to throttle messages from Gmail and Yahoo!

Over recent months security firms have reported that the Windows Live CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) used by Hotmail, and the equivalent system at Gmail, have been broken by automated attacks.

CAPTCHAs typically help ensure that online accounts can’t be created until a user correctly identifies letters depicted in an image. The tactic is designed to frustrate the use of automated sign-up tools by spammers and other miscreants.

Obtaining a working Gmail account has a number of advantages for spammers. As well as gaining access to Google’s services in general, spammers receive an address whose domain is highly unlikely to be blacklisted, helping them defeat one aspect of anti-spam defences. Gmail also has the benefit of being free to use.

I think we are only going to see the percentages go up as spammers find it’s more effective to send their junk from web-based email services. Now that they can ship out the CAPTCHA breaking to sweatshops in India for peanuts, it’s a good solution to a lot of the problems they face when sending bulk mail.

An analysis of spam trends in February 2008 (the last available monthly figures) by MessageLabs revealed that 4.6 per cent of all spam originates from web mail-based services.

The proportion of spam from Gmail increased two-fold from 1.3 per cent in January to 2.6 per cent in February, most of which spamvertised skin-flick websites. Yahoo! Mail was the most abused web mail service, responsible for sending 88.7 per cent of all web mail-based spam.

It was first thought that automated tools were used by spammers to defeat security checks and establish webmail accounts that might later be abused to send junk. More organisations are coming around to the theory, first floated by Brad Taylor, a Google software engineer, that bots are signing up for accounts before sending the puzzles to real people.

It costs them as little as $4 a day to hire someone to break CAPTCHAs from the webmail sites. It’s a known fact they are making huge amounts of money so this is a small payout for them to ensure more mail gets past traditional spam filters.

Source: The Register


Posted in: Exploits/Vulnerabilities, Spammers & Scammers


8 Responses to Spammers Harnessing Web Mail Servers – Gmail & Yahoo! Throttled

  1. Ian Kemmish April 10, 2008 at 1:53 pm #

    Given the well-publicised inability of 118118’s Indian operatives to understand even simple allusions, maybe the answer is to replace captchas with simple but culturally-localised quiz questions — the sort that win you a few quid on “Who Wants to be a Millionaire” for example.

  2. Morgan Storey April 10, 2008 at 3:20 pm #

    You only need to look at Jdownloader to see a working ai Captcha in action. It gets about 90% of them then you can farm the rest off to manual labor, or another one I heard of is just repost the captcha image to a porn site asking users to verify they are human before entering, or posting it to a game that loads one via the bot.

  3. fever April 10, 2008 at 4:39 pm #

    It was only a matter of time before someone figured out how to do it. There is no security system that is safe against time; it is the one true adversary.

  4. zupakomputer April 10, 2008 at 5:05 pm #

    Sounds like another ploy to ensure that free anonymous e-mail accounts become fewer and fewer; same thing was done to many a discussion forum a few years back.
    There were loads of high-profile forums that allowed posts to be made without needing an account – they all began being abused by disrupters and spammers in exactly the same manner (eg – using other people’s handles and replying abuse to loads of threads, posting the same messages over and over again), and the only way those running the boards knew how to cope with it was to enforce verified accounts – so now if you want to use those places you’re stuck with one username and all that census-taker crapola.

    imdb is one of the worst of all – they got bought over by Amazon when all that bs was going down, and now you need a credit card or mobile phone number to get a fricking discussion board account there.

    The ‘powers that be’ don’t like people being able to hold anonymous communications; they want them all to be rank and filed and stuck with the one name / ID.

    The spam scams are just part of that usual tactic – organised disruption leading to privacy crackdowns. Nobody needs spam mail to remind them where to get porn online; if you want porn you can find it easy no problem. Ditto for gambling and those types of meds the spam mails all advertise.

  5. fever April 11, 2008 at 3:38 am #

    I think you got it right, zupakomputer. It would be a great way to reduce internet freedoms also. Make the internet full of spammers and take away all of the freedoms in order to catch them.

  6. zupakomputer April 11, 2008 at 6:10 pm #

    It stands to reason: they’re flipsides of one another.

    One half of their brain wants to control other people, the other half of their brain is the opposite of that – the disrupter, the spammer, the abuser.

    They flip-flop between those dynamics to control the normal people, who are only wanting to get on with life, quietly and without any fuss.

    It’s always the same tried old drama with them: divide and rule, divide and rule.

    I say ‘square and compass’ to all the divide-and-rulers.

  7. fever April 11, 2008 at 11:44 pm #

    Well put.

    Give the people an enemy, and I mean really point the finger at a particular group, and you will get the people to willingly give up almost anything to rid themselves of the “threat”. It has been done time and time again.

  8. gbiondo April 12, 2008 at 10:19 am #

    I want to assume that the MTA is properly installed and implemented – after all, we are speaking of Y! and G.

    Spam is indeed a long-debated phenomenon, and nothing new can be said – but let’s focus on a couple of factors:

    a) A spammer is theoretically forced by spam filters to use his new/stolen/whatever account heavily for just a small amount of time – usually only once. If you want to model it mathematically, you can think about it as the Dirac delta function: its value is always 0, except at the origin, where it tends to +inf. It’s chiefly an impulse.

    b) Let’s assume that a normal user does not forward the same message to 1000 people – the exceptions to this assumption can be treated as they are: exceptions!

    Given these basic considerations, maybe the best way to act is on the MTA, maybe implementing anti-impulse controls. This is not a holistic solution by itself, indeed, and also introduces other kinds of problems, such as exception handling, but it can help mitigate the phenomenon.
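
The "anti-impulse" control suggested in the last comment, sketched as an added example (not part of the original post or its comments, and not any provider's actual implementation): a per-account sliding-window recipient budget on outbound mail, with an allowlist standing in for the exception handling the comment mentions. The window, the limit, the account names and the `ImpulseGuard` class are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 600   # assumed sliding window (10 minutes)
MAX_RECIPIENTS = 100   # assumed per-account recipient budget per window
ALLOWLIST = {"newsletter@example.com"}  # hypothetical reviewed bulk sender


class ImpulseGuard:
    """Defers submissions from accounts whose recipient count spikes."""

    def __init__(self, window=WINDOW_SECONDS, limit=MAX_RECIPIENTS, allow=ALLOWLIST):
        self.window, self.limit, self.allow = window, limit, set(allow)
        self.events = defaultdict(deque)  # account -> (timestamp, rcpt_count)
        self.totals = defaultdict(int)    # account -> recipients in window

    def check(self, account, timestamp, rcpt_count):
        """Return 'accept' or 'defer' for one outbound submission."""
        if account in self.allow:
            return "accept"  # the exceptions, handled explicitly
        queue = self.events[account]
        # Expire submissions that have fallen out of the sliding window.
        while queue and queue[0][0] <= timestamp - self.window:
            self.totals[account] -= queue.popleft()[1]
        if self.totals[account] + rcpt_count > self.limit:
            return "defer"   # a deferred message does not consume budget
        queue.append((timestamp, rcpt_count))
        self.totals[account] += rcpt_count
        return "accept"


# Constructed sample: (seconds since start, sending account, recipients).
SAMPLE = [
    (0, "alice@example.com", 3),
    (5, "bot123@example.com", 50),
    (6, "bot123@example.com", 50),
    (7, "bot123@example.com", 50),       # burst exceeds the budget
    (8, "newsletter@example.com", 1000), # allowlisted bulk sender
    (300, "alice@example.com", 2),
    (700, "bot123@example.com", 20),     # window has slid past the burst
]


def run(sample=SAMPLE):
    guard = ImpulseGuard()
    return [(acct, guard.check(acct, ts, n)) for ts, acct, n in sample]


if __name__ == "__main__":
    for account, verdict in run():
        print(f"{verdict:6} {account}")
```

A limit like this caps what one freshly created account can push out in a burst, which is the impulse shape the comment describes; it does nothing against the same volume spread thinly across many accounts.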