<?xml version="1.0" encoding="UTF-8"?> <rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" ><channel><title>Marvin&#039;s Place &#187; instant messenging</title> <atom:link href="http://marvincruz.com/tag/instant-messenging/feed/" rel="self" type="application/rss+xml" /><link>http://marvincruz.com</link> <description>My reflections about God, Bible, life and other stuff.</description> <lastBuildDate>Thu, 29 Dec 2011 13:31:44 +0000</lastBuildDate> <language>en</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>http://wordpress.org/?v=</generator> <xhtml:meta xmlns:xhtml="http://www.w3.org/1999/xhtml" name="robots" content="noindex" /> <item><title>Yahoo! Messenger Spam: Hacking or Malware? &#8211; Update</title><link>http://marvincruz.com/yahoo-messenger-spam-hacking-or-malware-update/</link> <comments>http://marvincruz.com/yahoo-messenger-spam-hacking-or-malware-update/#comments</comments> <pubDate>Thu, 09 Apr 2009 22:25:29 +0000</pubDate> <dc:creator>marvin</dc:creator> <category><![CDATA[Tech]]></category> <category><![CDATA[instant messenging]]></category> <category><![CDATA[malware]]></category><guid isPermaLink="false">http://www.marvincruz.com/?p=265</guid> <description><![CDATA[Here&#8217;s an update on my previous post regarding the diet pill spam lurking on Yahoo Messenger (and as I researched, on other IM networks as well) After further research, CA Security Advisor Research Blog tells that this is actually a phishing scam. I never clicked the links included on the spams I receive. 
But as [...]]]></description> <content:encoded><![CDATA[<p>Here&#8217;s an update on my <a href="http://www.marvincruz.com/yahoo-messenger-spam-hacking-or-malware/" target="_blank">previous post</a> regarding the diet pill spam lurking on Yahoo Messenger (and as I researched, on other IM networks as well).</p><p>After further research, <a href="http://community.ca.com/blogs/securityadvisor/archive/2009/02/26/spim-preys-on-obesity.aspx" target="_blank">CA Security Advisor Research Blog</a> reports that this is actually a phishing scam.</p><p><a rel="attachment wp-att-267" href="http://www.marvincruz.com/yahoo-messenger-spam-hacking-or-malware-update/spam_can/"><img class="alignleft size-medium wp-image-267" title="spam_can" src="http://www.marvincruz.com/wp-content/uploads/2009/04/spam_can-300x130.jpg" alt="spam_can" width="300" height="130" /></a>I never clicked the links included in the spam I receive. But as the article indicates, the links in the spam (each message might contain a different link) point to a single IP, which is a website about the pills offering a free trial of the popular fruit. However, upon checkout, it is not using the &#8220;https://&#8221; or secure HTTP, which definitely means phishing. So if the unfortunate victim clicks submit, his credit card information will be sent to someone so he/she can use it for fraud.</p><p>So how does this spam work? This is only my theory. Either malware on our computers or from some net cafe we went to was able to catch our username and password. Due to reports that the spam is received from clients that are &#8220;logged off&#8221; from Yahoo (which is my experience), I believe that a certain spambot on some server (maybe the same server as the phishing website) logs in using the username and password, sends a buzz to the poor client&#8217;s contacts, then sends the spam message with the link. 
So the unsuspecting recipient thinks that the message is legitimate, clicks the link, attracted by the offer (since Acai berry was really promoted by Oprah Winfrey and Rachael Ray), takes the trial, fills in the credit card info, hits submit, and his/her credit card details are now in the hands of the criminals for their use.</p><p>Some possible but reasonable tips on how to avoid/solve this problem (take note, this might not solve the problem, but you won&#8217;t lose anything if you try):</p><ul><li>Update your operating system, software, etc. with the latest patches from the manufacturers.</li><li>Update your security software (anti-virus) virus definitions.</li><li>Do a regular (on your own terms:)) full system scan.</li><li>Don&#8217;t trust files from the internet (unless you are sure, don&#8217;t run or install).</li><li>Change your YM password.</li><li>Inform your friends who are sending the spam to do the same thing.</li></ul><p>I have already changed my password and will be monitoring if someone will still receive a message from me.</p><p><em>Notes: (from www.wikipedia.org)<br /> </em></p><p>Spam &#8211; A collection of unsolicited bulk electronic messages</p><p>Phishing &#8211; the <span class="mw-redirect">criminally</span> fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.</p><p>Acai Berry (<strong>açaí palm</strong>) &#8211; a member of the genus <em>Euterpe</em>, which contains 8 species of palms native to tropical Central and South America, from Belize south to Brazil and Peru, growing mainly in floodplains and swamps. Recently, the açai &#8220;berry&#8221; has been touted and marketed as a highly beneficial dietary supplement. 
Companies sell açaí berry products in the form of <span class="mw-redirect">tablets</span>, juice, <span class="mw-redirect">smoothies</span>, instant drink powders, and whole fruit.</p><p>There can never be a &#8220;spam free world&#8221;, but at least we can do something to minimize it.</p>]]></content:encoded> <wfw:commentRss>http://marvincruz.com/yahoo-messenger-spam-hacking-or-malware-update/feed/</wfw:commentRss> <slash:comments>1</slash:comments> </item> <item><title>Yahoo! Messenger Spam: Hacking or Malware?</title><link>http://marvincruz.com/yahoo-messenger-spam-hacking-or-malware/</link> <comments>http://marvincruz.com/yahoo-messenger-spam-hacking-or-malware/#comments</comments> <pubDate>Wed, 25 Mar 2009 22:43:38 +0000</pubDate> <dc:creator>marvin</dc:creator> <category><![CDATA[Tech]]></category> <category><![CDATA[computer]]></category> <category><![CDATA[instant messenging]]></category> <category><![CDATA[malware]]></category> <category><![CDATA[network]]></category><guid isPermaLink="false">http://www.marvincruz.com/?p=246</guid> <description><![CDATA[I&#8217;ve been a long time Yahoo! Messenger (YM) user. Yahoo was my first e-mail account and most of my contacts are Yahoo!. I won&#8217;t make the intro long. So here&#8217;s what&#8217;s I want to post. There are times before where I receive an instant message from an unknown Yahoo! ID. Well, simply, that was spamming. 
[...]]]></description> <content:encoded><![CDATA[<div id="attachment_226" class="wp-caption alignleft" style="width: 310px"><img class="size-full wp-image-226  " title="Spam Messenger under a Yahoo ID" src="http://marvincruz.com/wp-content/uploads/yahoo_messenger_spam.jpg" alt="Spam Messenger under a Yahoo ID" width="300" height="440" /><p class="wp-caption-text">Spam Messenger under a Yahoo ID</p></div><p>I&#8217;ve been a long-time Yahoo! Messenger (YM) user. Yahoo was my first e-mail account and most of my contacts are Yahoo!.<br /> I won&#8217;t make the intro long. So here&#8217;s what I want to post. There were times before when I received an instant message from an unknown Yahoo! ID. Well, simply, that was spamming. I suspect the spammers were able to get my email address from forums or at the Yahoo! Chatrooms. But then lately (I believe it started last year), I am receiving &#8220;weird&#8221; IMs from my Yahoo buddies (those are my friends). The first one, as I recall, was in a different language (Korean or something). I then asked that friend if someone else was using her computer. She told me nobody was using her PC aside from her, so I suspected account hacking.</p><p>I then asked some &#8220;pro&#8221; regarding this and they told me that most probably, this was caused by malware or a &#8220;worm&#8221;. I asked my friend to do a virus scan. She wiped out her hard drive and made a fresh install. Since then, there was no more &#8220;spam&#8221; from her.</p><p>However, another buddy got &#8220;infected&#8221; by this and sent out IMs, also in a different language. But lately, I was surprised because one of my buddies was sending me IMs (in English) regarding a &#8220;diet pill&#8221; (sample of the message below). I thought he was just promoting something. 
But when almost 5 buddies were sending the message, I was alarmed that they might be infected by a worm or malware.</p><p>Yesterday, I asked my brother if he was receiving messages like that and he said yes. I then asked if he received one from me. I believe he said no, but when I came to the office, he had sent me an email with a message coming from me. We talked in the morning and the message was timestamped at 10:35 in the evening. I left home at 10 in the evening.<br /> Before the message reaches you, your &#8220;buddy&#8221; will first &#8220;buzz&#8221; (hitting Ctrl+G on the Yahoo Messenger client will buzz or shake the other contact&#8217;s IM window to get attention) you and then send out the message. If you notice in the image, the buzz was made at 10:35:01pm and the message was sent at the exact same second. With the length of that message, it is impossible to type it in a split second, unless you copy-paste very quickly. The worst thing is, I am using Pidgin, an open-source, multi-platform/protocol (you can have AIM, Gtalk, YM, IRC, multiple accounts on the same protocol) instant messaging client. And this program doesn&#8217;t have the &#8220;buzz&#8221; feature. I am sure my wife didn&#8217;t use YM because she knew about Pidgin. (Thought I wasn&#8217;t going to make this long??)</p><p>So the question is, is my account being &#8220;hacked&#8221;? Was someone able to figure out the passwords of these users (including me) and then send spam to all the contacts on our lists? Or is it a worm that controls not the IM client, but the connection itself, so it can send messages and commands without opening an IM window and execute a feature (the &#8220;buzz&#8221;) even if it is not supported by your client? Most probably it is a worm or malware.</p><p>I tried searching the net but there was not enough info. My brother gave me a link to a forum (in a different language). But when I try Google&#8217;s translator, it is filtered in our office. So my resolution is to do a full system scan. 
Also run an anti-malware/spyware scan. Then reformat and reinstall everything (which I will be doing anyway since my partitioning sucks), and delete any programs I downloaded from the net that I don&#8217;t need (well, those are clean programs, but I don&#8217;t need them).</p><p>Another question is, how did I get that malware/worm? Honestly, I don&#8217;t know. There are actually 3 computers at home. Two desktops and a laptop. The other desktop is owned by my wife&#8217;s sister. I used to secure that computer but my wife&#8217;s nephew wants to do it &#8220;his way&#8221;. I turned off file and print sharing then. However the laptop was being used by my father-in-law and other people. File and print sharing is active on that one. In any case, some worms/malware can penetrate other computers on the network even if file and print sharing is off. And there are viruses, worms, and malware on the other desktop.</p><p>The laptop&#8217;s LCD is broken, and I already disconnected the other desktop from the network. Maybe this time, everything will be fine after reinstall.</p><p>Lesson to learn: Don&#8217;t trust everything on the net (websites/files/etc.) and always do a system scan (anti malware/spyware etc&#8230;.) once in a while. 
And buy a good router with good firewall settings (that&#8217;s what I&#8217;m going to do).</p><p>NOTE: I&#8217;ve already written an update for this <a href="http://marvincruz.com/yahoo-messenger-spam-hacking-or-malware-update/">here</a>.</p>]]></content:encoded> <wfw:commentRss>http://marvincruz.com/yahoo-messenger-spam-hacking-or-malware/feed/</wfw:commentRss> <slash:comments>2</slash:comments> </item> </channel> </rss>
