Spam scam creates Yahoo zombies

Junk mail fraudsters dupe users into setting up bogus Yahoo accounts

Yahoo members have been warned of a scam in which spammers try to take over their email accounts by sending out fraudulent emails asking for verification of Yahoo account login details.

The email request, which claims to help Yahoo prevent automated registrations, tries to dupe users into creating email accounts from which spammers can then distribute large quantities of unsolicited email.

IT security firm MessageLabs warned that the emails contain a fake Yahoo.com URL that leads to a completely different site, but redirects through a Google URL three times to obfuscate the link.

It then redirects to another fake Yahoo web address that loads a real Yahoo help page with legitimate information explaining the code verification process.

This is followed by a fake pop-up window which shows the user a Yahoo picture ID and asks them to enter the code.

Alex Shipp, senior antivirus technologist at MessageLabs, said: "This scam is another demonstration of how spammers and fraudsters attempt to manipulate computer users into doing their dirty work for them.

"Not only do they try and turn innocent users' machines into zombies for spam distribution, but they want them to set up new email accounts for them as well.

"The advantages for a spammer include increased capacity and flexibility when sending spam, as well as making it harder to trace the spammers themselves."

According to MessageLabs, the Yahoo scam emails are currently being detected in relatively low volumes, possibly because the scammers are trying to maintain a low profile.

Email characteristics:

Subject: Automatic Yahoo identifier completion

Body text: Dear Yahoo! Member, We must check that your Yahoo! ID was registered by real people. So, to help Yahoo! prevent automated registrations, please click on this link and complete code verification process: [URL removed] Thank you.