The Latest in IT Security

Spam through an official Yahoo Redirect


Just recently I received on my personal email address an email which was quite strange. An Online Pharmacy spam (aka Canadian Pharmacy) which contained two parts:

  • A plain-text part containing the obfuscated text “B|uepi|u|e” and a link
  • A text/html part containing the plain-text part and a link to a picture hosted on a hacked website. The interesting thing here is that the image is hosted on the same website as the link, but it is addressed through the same redirect: **http%3A//

This way the spammers go one level safer and prevent spam filters from blocking the email based on the URL.

Spam Mail using Yahoo Redirector

At first sight it seems to be a classic redirect through a Yahoo service, but when I changed the link after /** I saw that this is not what I originally thought.

Yahoo Redirector "Signature" Check

Apparently, the spammers somehow arranged with Yahoo to use their redirecting service. They registered the base URL **http%3A// – because if I remove something from this base URL I get the error above, and when I add something after it, it is ignored and redirected to the online pharmacy.

I only wonder whether the link was registered by the spammers or by the Spanish weather service. Avira Antispam detects this email as spam because we consider it quite spammy to send an email from a provider other than Yahoo that contains Yahoo redirectors.

Sorin Mustaca
Data Security Expert
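
The heuristic described above (mail sent from a non-Yahoo provider that carries Yahoo redirector links) can be sketched as follows. This is an added example, not Avira's code: the domain-suffix match, the `/**` marker handling, and every host name and path in the sample message are assumptions or constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, unquote

SUFFIX = "yahoo.com"  # assumption: redirector hosts are recognised by domain suffix only
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.I)

def in_domain(host):
    host = (host or "").lower()
    return host == SUFFIX or host.endswith("." + SUFFIX)

def embedded_target(url):
    """Decoded URL that follows the '/**' marker of a redirector link, else None."""
    _, marker, tail = url.partition("/**")
    if not marker or not in_domain(urlsplit(url).hostname):
        return None
    target = unquote(tail)
    return target if target.lower().startswith(("http://", "https://")) else None

def scan(raw):
    """(mime type, decoded target) per redirector link in mail not sent from SUFFIX."""
    msg = message_from_string(raw)
    if in_domain(parseaddr(msg.get("From", ""))[1].rpartition("@")[2]):
        return []
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            hits += [(part.get_content_type(), t) for t in map(embedded_target, URL_RE.findall(body)) if t]
    return hits

# Constructed sample: hosts and paths are placeholders, not values from the article.
RD = "http://rd-placeholder.yahoo.com/x/**http%3A//hacked-site.example"
SAMPLE = f"""From: Shop <promo@mailer.example>
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

B|uepi|u|e {RD}/p
--b1
Content-Type: text/html

<a href="{RD}/p">B|uepi|u|e</a><img src="{RD}/i.jpg">
--b1--
"""
if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Decoding the embedded target also lets a filter score the real destination host instead of the redirector's, which is the gap the spammers were relying on.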
