MAD Monday

Posted by on Apr 2, 2012 in Mad Monday, Spam

Today’s advertiser is exploiting free software and users of Microsoft’s online advertising network (AdCenter) to harvest emails and cell phone numbers for spam.

Point your browser to downloadfrontier.com and you will find a blank page. Search for “Download Yahoo Messenger” on bing.com though, and you may find an ad (link) which routes you through to a downloadfrontier.com landing page (link) offering the popular Yahoo Messenger client as a download. Before you can download the client, you have to provide your email address and a valid cell phone number. Note that the page is deceptively similar to the official Yahoo page, which is the page delivered to the user after their details have been submitted.

The following screenshots capture what I originally discovered on 3/12/2012:

A new email address was created using a GUID (let’s call this GUID_EMAIL); this was then submitted as the user’s email to downloadfrontier.com on 3/12/2012. Note that the GUID in question was created exclusively for downloadfrontier, i.e., it was only submitted to them and it was never published/known elsewhere. If you’re not familiar with what a GUID is, I must encourage you to do some further reading here. A key takeaway from that reading should be that it is very, very unlikely to generate the same GUID twice. As a result, if GUID_EMAIL was created exclusively for downloadfrontier.com and known only by downloadfrontier.com (and myself, of course), it is logical to assume that any email communication with GUID_EMAIL is a result of having sent it to downloadfrontier.com.

Not much happened for a while after submitting the email to downloadfrontier.com. On 3/22/2012 though, the spam started rolling in (it’s been on the increase ever since).
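The GUID-per-site technique described above can be automated. The following is an added example, not code from the original post: it issues one GUID-based address per site and attributes incoming mail back to the only site that was given that address. The `canary.example` catch-all domain, the class and function names, and the sample message are all assumptions constructed for illustration.

```python
import uuid
from email import message_from_string
from email.utils import getaddresses

class CanaryRegistry:
    """Tracks GUID-based addresses, each disclosed to exactly one site."""

    def __init__(self, domain):
        self.domain = domain.lower()
        self.issued = {}  # local part -> (site, date disclosed)

    def issue(self, site, disclosed_on):
        local = uuid.uuid4().hex  # random GUID: 122 random bits
        self.issued[local] = (site, disclosed_on)
        return f"{local}@{self.domain}"

    def attribute(self, raw_message):
        """Return (site, disclosed_on, From header) if the mail hit a canary."""
        msg = message_from_string(raw_message)
        recipients = []
        # Bulk mail often shows another name in To:, so also check the
        # delivery headers the receiving server adds (if it adds them).
        for header in ("Delivered-To", "X-Original-To", "To", "Cc"):
            recipients += msg.get_all(header, [])
        for _name, addr in getaddresses(recipients):
            local, _, domain = addr.lower().rpartition("@")
            if domain == self.domain and local in self.issued:
                return (*self.issued[local], msg.get("From", ""))
        return None

def sample_message(delivered_to):
    # Constructed sample, not a message from the original post.
    return (
        "Delivered-To: " + delivered_to + "\n"
        "From: Deals <offers@bulk-sender.example>\n"
        "To: Valued Customer <customer@mailer.example>\n"
        "Date: Thu, 22 Mar 2012 09:15:00 -0000\n"
        "Subject: You have been selected\n"
        "\n"
        "Constructed body.\n"
    )

if __name__ == "__main__":
    registry = CanaryRegistry("canary.example")  # assumed catch-all domain
    addr = registry.issue("downloadfrontier.com", "2012-03-12")
    print(registry.attribute(sample_message(addr)))
```

The attribution only holds if each address is disclosed to a single party and never reused, which is the same condition the post places on GUID_EMAIL.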

This advertiser is not just targeting Yahoo Messenger; I have found that he is also exploiting the work of iTunes, Frostwire, Youtube Downloader, Google Chrome, Minecraft, AVG Anti-Virus 2012, and the Weather Channel Application.
