A large number of abused Yahoo accounts are being used to send spam that includes links to hacked websites, where PHP code links onward to sites selling weight loss products. Typically the mails have multiple recipients, no subject line and a single link in the message body that points to a PHP page, such as:
http://www.example.com/images/stories/ronnd.php?faze=faze
The PHP code redirects to a spam domain, or another PHP page redirecting to a spam domain. Here is a list of some of the spam domains advertised recently:
These domains use Russian name servers such as ns1.dnsmax.ru (219.87.170.82), ns1.dnscentral.ru (219.87.170.82), ns2.dnsmax.ru (89.103.247.13), ns2.dnscentral.ru (89.103.247.13). The use of hacked Yahoo accounts for mailing, of hacked PHP websites to mask the spam domain and the fake references to Fox News are similar to the “Work from home mom” scam that has been going around for a while, so they are probably connected.
My advice: Don’t buy from spammers. Why should you hand your credit card details to a criminal?
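The message traits described above (Yahoo sender, multiple recipients, no subject line, a single link to a PHP page) can be combined into a mail-filter heuristic. This is an added example, not code from the original post; the function names, the recipient threshold, the Yahoo domain check and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
MIN_RECIPIENTS = 2  # assumed reading of "multiple recipients"

def body_text(msg):
    """Concatenate all text/* parts of the message, decoded to str."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def campaign_signals(raw_message):
    """Evaluate one RFC 5322 message against each trait named in the post."""
    msg = message_from_string(raw_message)
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    recipients = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    urls = set(URL_RE.findall(body_text(msg)))
    return {
        # Assumption: any yahoo.* sender domain counts as a Yahoo account.
        "yahoo_sender": sender_domain.startswith("yahoo."),
        "multiple_recipients": len(recipients) >= MIN_RECIPIENTS,
        "no_subject": not (msg.get("Subject") or "").strip(),
        "single_link": len(urls) == 1,
        "php_link": any(urlsplit(u).path.lower().endswith(".php") for u in urls),
    }

def matches_campaign(raw_message):
    """Flag only when every trait is present, to limit false positives."""
    return all(campaign_signals(raw_message).values())

# Constructed sample messages (not real mail); the URL is the post's example.
SAMPLE_SPAM = (
    "From: someone@yahoo.com\n"
    "To: a@example.org, b@example.org, c@example.org\n"
    "\n"
    "http://www.example.com/images/stories/ronnd.php?faze=faze\n"
)
SAMPLE_BENIGN = (
    "From: someone@yahoo.com\n"
    "To: a@example.org\n"
    "Subject: Lunch menu\n"
    "\n"
    "See http://www.example.com/menu.html for today's options.\n"
)
```

Because each trait on its own is common in legitimate mail, `campaign_signals` is better used as input to a scoring filter than as a hard block on any single signal.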
This is still going on.
Yahoo account just hit in a big way yesterday.