I am 100% certain that it is compromised accounts on yahoo where they steal the address books. They then seem to cross correlate and use common last names to mail people using other compromised yahoo accounts. Though I need to check if they have started forging as well through other servers.
I have seen a lot of these examples and have specific patterns that make this the only possibility. Regards, KAM Steve Prior <spr...@geekster.com> wrote: >>>> Here's the current version I'm using based on 3.4.0 trunk: >>> We're seeing many different variations. For example, we see over >>> 70 variations in the name (not just "Connor Hopkins"). >> Agreed. That's more of an internal meta because we had one person >really >> getting hammered. YMMV. > >I've been curious what's going on with the Yahoo spam because the from >name >that's been used has been someone I know, but the actual yahoo account >the spam >is sent from is not. So it sounds like spammers are using some means >to >determine the name of someone you know and then have an unrelated to >that person >compromised account send the spam to you with a name you know. I've >even >wondered if social networks are involved somehow. > >Steve