[IP] Yahoo IM "spoofing", "SPIM", and redirect
Begin forwarded message:
From: Tracy Hall <tracy@xxxxxxxxxxxxxxxxxxxx>
Date: January 19, 2006 4:22:47 PM EST
To: dave@xxxxxxxxxx
Subject: Yahoo IM "spoofing", "SPIM", and redirect
You may have already seen something like this:
I just received an IM on Yahoo from a "ychat_violation_dept_yq4",
claiming
to be from Yahoo!, and claiming to have have received "...multiple
reports of abuse...",
and asking me to click on a link "...to avoid terminating your
account...".
The link? Starts off simple enough:
ht|p://in.rd.yahoo.com/in/fp/dir/
But in full :
ht|p://in.rd.yahoo.com/in/fp/dir/?ht|p://tjek.nu/7k
["|" sub'ed for "t" to make sure nothing turns them into active links]
In other words, using a "legitimate" yahoo address to re-direct to,
well,
wherever-the-heck it redirected to. I've tested that it does re-direct
by sub'ing my own URL for the "tjek.nu" one, and it does do so,
without any message, warning, information or option.
'Course, I don't click *any* link without checking it six-ways-from-
sunday,
but still...
Tracy Hall
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/