Yahoo IM "spoofing", "SPIM", and redirect

[David Farber <dave () farber net>]

Begin forwarded message:

From: Tracy Hall <tracy () broadbandphysics com>
Date: January 19, 2006 4:22:47 PM EST
To: dave () farber net
Subject: Yahoo IM "spoofing", "SPIM", and redirect

You may have already seen something like this:

I just received an IM on Yahoo from a "ychat_violation_dept_yq4",  
claiming
to be from Yahoo!, and claiming to have have received "...multiple  
reports of abuse...",
and asking me to click on a link "...to avoid terminating your  
account...".

The link?  Starts off simple enough:

ht|p://in.rd.yahoo.com/in/fp/dir/

But in full :
ht|p://in.rd.yahoo.com/in/fp/dir/?ht|p://tjek.nu/7k


["|" sub'ed for "t" to make sure nothing turns them into active links]

In other words, using a "legitimate" yahoo address to re-direct to,  
well,
wherever-the-heck it redirected to.  I've tested that it does re-direct
by sub'ing my own URL for the "tjek.nu" one, and it does do so,
without any message, warning,  information or option.

'Course, I don't click *any* link without checking it six-ways-from- 
sunday,
but still...

Tracy Hall



-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/