Malware advertisers noticed that email from the trusted sites goes straight to the inbox
Because any email arriving from Yahoo or Google services is considered to be legitimate and useful, spammers take advantage of this bug to spread their malevolent messages.Chester Wisniewski from Sophos revealed that he has been receiving a lot of spam email from Google Picasa and Yahoo! Groups, all being attempts of hackers to cast “spammy” allerts.
In the case of Google's Picasa, the thing is simple. A random account is created which contains text and some attached pictures that are then shared with other members.
That's how you might end up receiving a large number of Picasa web albums.
Because anything coming from the popular picture manager is considered to be harmless, it never ends up in the spam folder of the mail box, instead it floods your inbox with all sorts of scam attempts.
With Yahoo! Groups the principle is more complicated but spammers can just as easily take advantage of the policy slip.
The rules allow anyone who owns a group to add members without asking for their permission. Instead, after you are unwillingly made part of a group, you have to unsubscribe in order to stop receiving alerts.
This mechanism is utilized successfully and as Chester pointed out, in many cases it's not the easiest thing to unsubscribe. Another one of Yahoo's policies makes certain links expire “to prevent abuse,” this making it impossible to cancel a subscription.
This is a first for Google, but Yahoo keeps making these mistakes that clearly affect their image. First they served malware, and yesterday we've discovered that they're forcing charity downloads on top of search results.
Recent issues that occurred inside the company have clearly taken their toll on the way things work around there and they'd better get their act together otherwise the company will continue losing ground in front of the competitors.