Beware of a new form of SPAM greetings

Just yesterday I was going through an article which shows ways by which spammers try to evade bayesian filters to get into your inbox. Today I got a first hand experience of another new way of getting into the inbox by fooling the spam filters. I got a mail from greetings@reply.yahoo.com and if you look carefully this is just one of the email address which Yahoo! will not filter and the mail lands into your inbox. This mail is sent by Yahoo! Greetings so there is nothing to suspect. The DomainKey-Signature also points to Yahoo! Greetings so there is little to suspect in there.

Received: (qmail 14714 invoked from network); 30 Mar 2006 21:08:14 -0000
Received: from pre-smtp05-02.secureserver.net (HELO pre-smtp05-02.prod.mesa1.secureserver.net) ([64.202.166.15])
          (envelope-sender )
          by smtp03-01.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
          for <*****@yahoo.com>; 30 Mar 2006 21:08:14 -0000
Received: (qmail 957 invoked from network); 30 Mar 2006 21:08:14 -0000
Received: from unknown (HELO n30a.bullet.scd.yahoo.com) ([209.73.160.88])
          (envelope-sender )
          by pre-smtp05-02.prod.mesa1.secureserver.net (qmail-ldap-1.03) with SMTP
          for <*****@yahoo.com>; 30 Mar 2006 21:08:13 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=gcom1024; d=yahoo.com;
 b=T3S7EetKgarz3oqISx7o81d04bWE3pSCjlhR/rymRp3TLcqTHOsvHZtLFMNcsTbV6TooBNE8zRwzPP6z0CqHriAgOPG5Izd+0j/rBu3Bh7hHje0er7KIgaVRJ2TUf0NoLPRqZFq5zmkQoRYuKQ1Eomch1W8m42T4eb0H3Yxo+L4=;
Received: from [66.218.69.3] by n30.bullet.scd.yahoo.com with NNFMP; 30 Mar 2006 21:08:12 -0000
X-yahoo-newman-property: greetings
X-yahoo-newman-id: null
Received: from [66.163.186.252] by t3.bullet.scd.yahoo.com with NNFMP; 30 Mar 2006 21:08:12 -0000
Received: from [127.0.0.1] by web8.greet.sc5.yahoo.com with NNFMP; 30 Mar 2006 21:08:12 -0000
Received: from [59.114.214.185] by web8.greet.sc5.yahoo.com; Fri, 31 Mar 2006 05:08:12 +0800
Date: Fri, 31 Mar 2006 05:08:12 +0800
From: greetings@reply.yahoo.com
Errors-To: greetings@reply.yahoo.com
Reply-To: alice99785412@hotmail.com
To: donate@viamatic.com
Subject: ªüªÚ ¦b "Yahoo!©_¼¯¶P¥d" ¬D¤F¤@±i¥d¤ù±Hµ¹§A¡A§Ö¬Ý³á¡I
X-Nonspam: None

"ªüªÚ" (alice99785412@hotmail.com)¦b "Yahoo!©_¼¯¶P¥d" ¿ï¤F¤@±i¥d¤ù±Hµ¹§A³á¡I 

¥d¤ù»â¨ú¿ìªk¡G

½ÐÂI¿ï¥H¤Uºô§}«e©¹¦¬¨ú(30¤Ñ¤º¦³®Ä)¡C

http://tw.view.greetings.yahoo.com/greet/view?7FNQ948STKCXR

¦pªGµLªk³sµ²¡A½Ð¨ì http://tw.view.greetings.yahoo.com/pickup ¡A¨Ã±N¤U­±ªº¥N½X½Æ»s«á¶K¦bªÅ®æ¸Ì¡G

7FNQ948STKCXR

¯¬§A¦¬¥d´r§Ö¡I

Yahoo!©_¼¯¶P¥d»s§@¤p²Õ 

-------------------------
"Yahoo!©_¼¯¶P¥d" ¥d¤ùºØÃþ»ô¥þ¡A±i¼Æ¶W¦h¡I §Ö¨ì http://tw.greetings.yahoo.com/ ¬D±i¥d¤ù±Hµ¹¿ËªB¦n¤Í§a¡I


So far so good. There is nothing to suspect in there. Since I could not understand much I opened the link and since it points to http://greetings.yahoo.com/ there was little to suspect. I opened the greeting card and there I saw nice little advertisments in the greeting card. It was in the extra message space that the greeting card companies provide.

The question on your mind would be how its different from normal spam. Firstly this mail will not be filtered using normal spam filters and it will land inside your inbox. Secondly if you open the card like I did, you have verified your email address with the spammer. Its like using web beacons without actually using them and the greeting card companies are helping the spammer here. If you remember there is a feature most greeting companies have that informs the sender when a greeting card is opened. And since I opened it they have an email address that has been verified.

So the next time you get a greeting card from an unknown person and even if the email is in your inbox do not open it.

Technorati Tags: ,

Comments

Post a Comment

Popular posts from this blog

The best mobile development platform for hobbyist programmer

This is something I have been thinking for a while so here it goes. This is a list of platforms I know of and my choice of what makes sense for a hobbyist programmer like me. Let me first list down all the possible platforms and then list down the pros and cons that I feel are associated with each platform. Java ME (The platform formally known as J2ME) Windows Mobile Linux Palm Brew Symbian Blackberry iPhone iPhone Let me start with iPhone the darling of the media and blogger's till about a fortnight. I had real expectations from iPhone as a platform but the way its been going so far I would never bother developing for it. Officially there is no SDK with which one can build applications. What ever tools the community had built have been rendered useless with the iPhone 1.1.1 software upgrade . The community might be able to hack a version for 1.1.1 but without any support from almighty apple its just a cat and mouse game. With every minor release the applications
Read more

And yet more invites for joost

UPDATE: I have given out all of them, if I get anymore I will send them across. I have more invitations for joost incase you are looking for one just leave a message on meebo or leave your email address in the comments and I will send you an invite. Incase you leave your email address in the comments please don't write it in plain text. Use this format xyz(at)emailprovider.com instead. Technorati Tags: joost , invite , tv
Read more

Using Voicemail with Airtel Prepaid Karnataka

Call  *321*671# to activate the service on your phone. It will ask you for permission if you want to enable it. To customize the account dial 52555 To disable voicemail dial *321*673# You can also activate it by sending out a SMS Send START VMS to 54321 for activation  Send STOP VMS to 54321 for de-activation  This post if for my own reference. If you have any questions leave a comment and if I know about it I will try and answer it.
Read more