Google Groups as a Weapon of Evil

Spammers are evil. Spam is evil.

Over the weekend, some enterprising spammer managed to ramp this up to new heights hitherto unheard of by me.

Sadly, it was probably completely unintentional on his part.

It all started Saturday afternoon, when i received an e-mail in one of my inboxes informing me that I’d been added to a Google Group with a completely meaningless name – asfdsafdasdf, or somesuch. I didn’t pay a whole lof ot attention, because it looked like spam.

Fifteen minutes later, well…

In the opening moments of Hell on Earth, I received a spam. Just one. That’s what started the whole avalanche of horrors.

It was a phishing e-mail for a foreign bank.

Unfortunately for everyone involved, the dipshit spammer was evidently spamming addresses automatically “scraped” off the web. Know why this is particularly stupid? Because you wind up with lots of “role” accounts – orders@, support@, inquiries@, advertising@, sales@, and so on.

So, thanks to the magic of Google Groups, I received in my inbox one spam message.

And then about eighty auto-responses from various people’s ordering systems and support-ticket software and sundry other instantly-generated auto-acknowledgments. Each of which was promptly turned around by Google and sent out to the whole list again… including the seventy-nine or so other auto-responding addresses on the list.

Completely useless e-mail messages were arriving at a rate of around 200 a minute. And because Google’s servers usually aren’t blacklisted anywhere – they’re usually even whitelisted – this steaming torrent of effluvient poured into my inbox, unhindered.

Even after I hurriedly sent Google an “unsubscibe” message, another five hundred or so messages poured in before the request was accepted and everything in the queue was delivered.

I’m sure the idiotic phishing spammer didn’t mean to DDOS all his victims, but that’s pretty much what he did. I shudder at the thought of all the people who sat down yesterday morning to check their inboxes and found them completely full of this crap, and thousands more queue’d by their mailserver.

And I shudder at the thought that someone could unleash this sort of thing on purpose, if they wanted to.

Do no evil, Google. And don’t facilitiate others’ evil, either…

Published in: Geekiness, General, Security | on August 17th, 2010| Comments Off on Google Groups as a Weapon of Evil

Both comments and pings are currently closed.

Comments are closed.