This spammer is DomainKeys verified, a natural observation considering that the spam compaign which I discussed last Wednesday is using bogus Yahoo Mail accounts, and is spamming only Yahoo Mail users through a segmented emails database.
Not necessarily what I wanted to achieve, but once posting the spam campaigns SEO URLs, Yahoo's crawler's picked up the post pretty fast, and have ruined the SEO effect, with everyone clicking on the campaign's links reaching the post. Close to 15,000 unique visitors reached the article during the past 7 days since the now hijacked, spammer's link is no longer achieving the effect it used to.
What does this prove? It proves that users tend to trust emails that pass through spam filters so much that they actually click on the links. And whereas it's a spam campaign, and not a malware campaign, the next time they over trust such a email, they'll expose themselves to client-side vulnerabilities courtesy of a copycat web malware exploitation kit.
The latest search query the campaign is using :
- yahoo.com/search/search;_ylt=?p=...........................................stossregularnew............$0.00.........
leads to stossregularnew.com (61.255.135.185).
- yahoo.com/search/search;_ylt=?p=||||||||||||||||clapmoon||||||||||||$229|||||||||||||||| leads to clapmoon.com (122.198.62.4).
No comments:
Post a Comment