Acai Berry Spam and Yahoo Groups

31Jul09

Yahoo has a big problem with spammers. Abuse of its Yahoo Groups service has been going on since at least late 2008. Much of this information is already out there, but it is scattered, so I am collecting links to it in this post. The spammers are pushing various pharma products; my example in this post is Acai Berry. Another campaign exploiting Yahoo Groups redirects is the "Pure Magnum Pro" male enhancement (penis enlargement) spam.

I plan to do further research into Acai Berry spam and post my findings here, so this entry will keep changing throughout the week or perhaps longer. The goal is to get Yahoo to address the problem on Yahoo Groups. Several other blogs are tracking this type of spam. Digital Degenerate mentions other pharma spammers (Canadian Pharmacy) abusing Yahoo Groups and Hotmail. SC Magazine has an article from 7/23/09 which specifically mentions spammers breaking CAPTCHAs in order to set up these accounts quickly and automatically, as discovered by a security analyst at AppRiver.

As of late July / early August 2009, while doing this research, I find that much of my current spam is Acai Berry. This entry was last updated on 8/1/09.

This blog has a few earlier entries about what Acai Berry is. I had never heard of it until I started seeing it spammed within the past year. In the past month or two my mailboxes have received more Acai Berry spam than spam of any other type. AllSpammedUp and other sources have reported that Acai Berry spam is sent from the Cutwail botnet.

SiL at the IKillSpammers blog pointed out in his entry of July 29th, 2009 that Yahoo Groups is a large offender in allowing these spam redirects touting Acai Berry products. It is hoped that the excellent IKS blog will bring attention to this widespread abuse of Yahoo Groups.

The spam group behind the Acai Berry Boom spam is outlined at Spamtrackers under the entry Vitalacai. It mentions their use of Chinese bulletproof hosting and, more recently, their abuse of Yahoo Groups: they spam links to messages posted from dummy Yahoo Groups accounts, and those messages redirect anyone who clicks to a fraudulent domain.

On 7/31/09 I picked one Acai Berry message out of the day's spam to analyse. The sender IP according to the headers is 67.76.213.214 (EMBARQ-GLOBAL, AS2379). According to the MXToolbox blacklist tool, this IP (67.76.213.214) is listed on more than 10 RBLs.

The subject line of this spam is "Acai Berry Stimulates your Mind." The Yahoo Groups redirect link is below. (Spamvertised URLs are deliberately obfuscated with "hxxp" so that nobody simply clicks on them.)

Example researched on 8/1/09:
hxxp:// finance.groups.yahoo.com/group/fihudukajogola/message/1 – Yahoo IP: 66.196.85.48 AS14779
redirects to: hxxp:// easyalaska.com/ IP: 203.93.209.108 / AS9929

fihudukajogola is a bogus Yahoo account that the spammer created automatically, probably by breaking the CAPTCHA Yahoo has in place. I would guess there have been many thousands of these accounts. Currently Yahoo treats it like Whac-A-Mole, taking them down only after spam reporters laboriously report them. Here is some information about the destination domain, easyalaska.com:

   Domain Name: EASYALASKA.COM
   Registrar: CHINA SPRINGBOARD INC.
   Whois Server: whois.namerich.cn
   Referral URL: http://www.namerich.cn
   Name Server: NS1.UTRIMERSIM.COM
   Name Server: NS2.UTRIMERSIM.COM
   Name Server: SP521.DELETEDNS.COM
   Name Server: SP522.DELETEDNS.COM
   Status: ok
   Updated Date: 24-jul-2009
   Creation Date: 19-jul-2009
   Expiration Date: 19-jul-2010
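The triage above (pull the originating IP out of the Received headers, check it against a DNSBL, pull the Yahoo Groups link out of the body, and note how fresh the landing domain is) is easy to script. The following is an added example of mine, not code from this blog or from any of the sites linked here. The headers and WHOIS excerpt are constructed for an offline run; only the 67.76.213.214 sender IP, the fihudukajogola group URL and the easyalaska.com creation date are taken from the post, and every other hostname, ID and timestamp is invented. The DNSBL zone (zen.spamhaus.org) is an assumption about which list you would query; the resolver is injectable so the check can be exercised without network access.

```python
import ipaddress
import re
import socket
from datetime import date, datetime

# Constructed sample data for an offline run. The originating IP, the Yahoo
# Groups URL and the easyalaska.com creation date are the ones quoted in the
# post; every other hostname, message ID and timestamp is invented.
SAMPLE_HEADERS = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.org with ESMTP id ABC123; Fri, 31 Jul 2009 09:12:00 -0400
Received: from dsl-67-76-213-214.example-isp.net (unknown [67.76.213.214])
\tby mx.example.net with SMTP id XYZ789; Fri, 31 Jul 2009 09:11:58 -0400
Subject: Acai Berry Stimulates your Mind.
"""
SAMPLE_BODY = "Read more: http://finance.groups.yahoo.com/group/fihudukajogola/message/1\n"
SAMPLE_WHOIS = "   Domain Name: EASYALASKA.COM\n   Creation Date: 19-jul-2009\n"
SEEN_ON = date(2009, 7, 31)  # day the sample was received

RECEIVED_RE = re.compile(r"^Received: from .*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.M)
GROUPS_URL_RE = re.compile(
    r"https?://[\w.-]*groups\.yahoo\.com/group/([\w-]+)/message/\d+", re.I)
CREATED_RE = re.compile(r"Creation Date:\s*(\d{1,2}-[A-Za-z]{3}-\d{4})")


def originating_ip(headers):
    """Walk Received: headers bottom-up (earliest hop first) and return the
    first public IP. The top-most header is our own MX, not the sender, and
    anything below a hop you trust can be forged, so treat this as a lead."""
    for ip in reversed(RECEIVED_RE.findall(headers)):
        if not ipaddress.ip_address(ip).is_private:
            return ip
    return None


def dnsbl_query_name(ip, zone):
    """DNSBLs are queried by reversing the octets under the list's zone,
    e.g. 1.2.3.4 against zen.spamhaus.org -> 4.3.2.1.zen.spamhaus.org."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def _dns_a(name):
    """Default resolver: A records for name, [] when NXDOMAIN or unreachable."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def dnsbl_listed(ip, zone, resolver=_dns_a):
    """Listed when the query answers with an address in 127.0.0.0/8; the low
    bits encode the reason and differ per list. The resolver is injected so
    the logic can be tested offline with a stub."""
    answers = resolver(dnsbl_query_name(ip, zone))
    net = ipaddress.ip_network("127.0.0.0/8")
    return any(ipaddress.ip_address(a) in net for a in answers)


def groups_redirects(body):
    """(url, group name) for each Yahoo Groups message link: the URL is what
    the victim clicks, the group name is the throwaway account to report."""
    return [(m.group(0), m.group(1)) for m in GROUPS_URL_RE.finditer(body)]


def domain_age_days(whois_text, seen_on):
    """Days between the WHOIS creation date and the day the spam was seen;
    spam landing domains are typically days old, as easyalaska.com was."""
    m = CREATED_RE.search(whois_text)
    if not m:
        return None
    created = datetime.strptime(m.group(1), "%d-%b-%Y").date()
    return (seen_on - created).days


def triage(headers, body, whois_text, seen_on,
           zones=("zen.spamhaus.org",), resolver=_dns_a):
    """One record per sample: who sent it, where it is listed, which Yahoo
    Groups accounts carried the redirect, and how new the landing domain is."""
    ip = originating_ip(headers)
    return {
        "sender_ip": ip,
        "listed_in": [z for z in zones if ip and dnsbl_listed(ip, z, resolver)],
        "redirects": groups_redirects(body),
        "landing_domain_age_days": domain_age_days(whois_text, seen_on),
    }


if __name__ == "__main__":
    # Offline demo with a stub resolver that pretends the sender IP is listed.
    def stub(name):
        return ["127.0.0.2"] if name.startswith("214.213.76.67.") else []
    print(triage(SAMPLE_HEADERS, SAMPLE_BODY, SAMPLE_WHOIS, SEEN_ON, resolver=stub))
```

With the default resolver the script performs real DNS lookups against the list you name, so run it from a host whose outbound DNS is not itself rate-limited by that list. The redirect extraction only spots the Yahoo Groups hop; the final landing domain still has to be resolved by following the redirect in a sandboxed browser, as the post does by hand.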

One can look up easyalaska.com at Site Advisor for more details about its criminal activity. Here is a large image of what the spam landing page looks like:

[Image: Acai-Power-Logo, screenshot of the spam landing page]

The IP of the destination website hawking Acai Berry is on AS9929, which is China Netcom. China-netcom.com (cnc-noc.net) is in the top 10 network offenders on Spamhaus' SBL as of August 2009; the IBR WordPress blog has a current entry on the top 10 ISP offenders on the SBL. Site Advisor also carries well-written reviews of other domains used in this abuse, for example fasterdepend.com and slimfitamount.com.

According to some active posters at InBoxRevenge, Yahoo does not make it easy to report abuse on the Yahoo Groups area of its site. Another anti-spam forum, Fight Back Against Spammers and Scammers, documented Yahoo Groups abuse in detail back in January 2009. The Spamtrackers.eu wiki has a recently updated entry on the ongoing abuse of Yahoo Groups, which shows some very detailed research completed in recent months.

One thing I have found in my research is that if I visit the abused Yahoo Groups URL in a text browser, it does not display the destination site within the frames, and I get this message after the line "Server: YTS/1.17.9":

Aren’t you supposed to be somewhere else?

Yahoo has been dragging its feet in getting rid of this scourge. It is my hope that this blog entry, and the others out there, will make Yahoo pay attention to such flagrant abuse and shut down this spamming operation once and for all.



One Response to “Acai Berry Spam and Yahoo Groups”

  1. I keep on getting Canadian pharmacy spam continuously, from Yahoo! Groups. And what I do, each single time, is report it methodically to Yahoo. I have recently created a new email address on Windows Live, and I receive it there as well, although I never used it publicly, on forums or whatever.

    I share the same hope with you: that Yahoo will do something about that, because reporting individual groups like 2-3x/day tends to get kinda tiresome.
