Log in

No account? Create an account
My god, it's full of perl scripts! (updated 08/16) - Alex Belits
My god, it's full of perl scripts! (updated 08/16)

Since two addresses in the vincent.jb.org incident were from Yahoo Mail, I have reported them to abuse@yahoo.com.

So far, it looks like I am talking to some piece of software, specifically designed to keep email away from people who are supposed to respond to it. Or at least this is how it's used by hard-working Yahoo admins:

Wed, 09 Aug 2006 16:01:45 -0600Thu, 10 Aug 2006 21:28:44 -0700
Fri, 11 Aug 2006 00:33:36 -0600Thu, 10 Aug 2006 23:36:21 -0700
Sat, 12 Aug 2006 09:45:24 -0700
Sun, 13 Aug 2006 00:10:39 -0600Sat, 12 Aug 2006 23:55:00 -0700
Mon, 14 Aug 2006 01:49:51 -0700
Tue, 15 Aug 2006 04:06:09 -0600Tue, 15 Aug 2006 14:13:14 -0700

Update: After re-sending email to security@yahoo-inc.com I have finally received a reply that mentions a particular person who, I assume, was the first human other than myself involved in this exchange (personal information X'ed out in that email). On August 16 both exploitko@yahoo.com and priv8.1337@yahoo.com don't work anymore, so it looks like Yahoo doesn't ignore everything, just email sent to abuse@ address.

On the other hand, psikoma.host.sk is alive and well, http://psikoma.host.sk/zoot.tgz (rootkit) and http://psikoma.host.sk/paypal.tgz (fake Paypal site) still contain the old addresses.

Tags: ,

4 comments or Leave a comment
From: sethb Date: August 13th, 2006 07:51 am (UTC) (Link)
Yahoo obviously has scripts that look for something yahooish in the headers before passing the message to a human.

I've found that adding in the body of my message a line like

Too-Stupid-To-Live: abuse@yahoo.com

passes that filter.

It might be better if you used the actual email address you found (I report stuff that came from Yahoo, and they don't seem to recognize their own IPs). So you could use

Yahoo-Phishing-Address: @yahoo.com

and that should get through.
abelits From: abelits Date: August 13th, 2006 08:06 am (UTC) (Link)
I have guessed that something like that is in place, so I have added their own message, with messed up addresses and Message ID, just in case that robots filter out their own headers.
abelits From: abelits Date: August 13th, 2006 08:14 am (UTC) (Link)
...Apparently it worked, too -- now robot promises that a human will respond.
abelits From: abelits Date: August 13th, 2006 08:20 am (UTC) (Link)
...or maybe not -- last time it sent a message that looked exactly like that, yet the next response was still automated.
4 comments or Leave a comment