Someone, somewhere is making full use of Yahoo webmail to send out what could be millions of fake emails pretending to be Amazon order confirmations (extrapolating on the numbers received here). Needless to say, they really contain a ZIP file with a rather nasty looking Microsoft executable file inside.
My guess is they’re using accounts compromised earlier in the year, as reported here, which gets them through spam filters as most ISPs trust Yahoo. Actually, ISPs generally don’t trust Yahoo but their users don’t see it that way when their friends’ Yahoo email is blocked.
Is this Yahoo’s fault? Normally I’d blame the criminals, but in this case Yahoo could be doing a lot more to to help. This has been going on for three days, and there’s no legitimate reason why any of its users should be sending out with addresses @amazon.co.uk. Even if they can’t scan to detect the latest malware, recognising these fake emails is easy enough.
It’s hardly a new tactic by the criminals, of course. amazon.co.uk’s name was abused back in May to deliver similar Trojan malware.
It’s about time Yahoo (and other freemail services) took responsibility for the damage caused by their business model.