FYI...

Google / Yahoo SPAM_A_LOT accounts...
- http://voices.washingtonpost.com/securityfix/2008/08/web_fraud_20_defeating_anti-sp.html
August 25, 2008 - "...new accounts, of course, are not logged yet by anti-spam filters, so they give spammers a new platform to deliver their garbage. Also, Google's or Yahoo's domains are unlikely to be blacklisted by anti-spam groups... The main anti-captcha.com service is something of a fixed-price menu: They charge $1 for every 1,000 CAPTCHAs you send. But the site also features an à la carte menu, selling new and used Gmail and Yahoo Web mail accounts in bulk. Currently offered are packages for 1,000, 10,000 and even 100,000 accounts at a time. Anti-captcha.com is selling 1,000 new Gmail accounts for $8, 10,000 Gmail accounts for $64, and 50,000 pristine Gmail inboxes for $280. Some 100,000 used Yahoo! mail accounts can be had for $150 to $200."

FYI...

Email, Web, and Web 2.0 Blended Attacks
- http://securitylabs.websense.com/content/Blogs/3176.aspx
09.08.2008 - "...For the spammers, the entire attack strategy always includes more than registering email accounts using Anti-CAPTCHA operations, sending mass emails over the Internet, infecting thousands of user machines, and stealing information. It also involves switching the attack strategy with a mindset of targeting both Email and Web space using a combination of different tactics, which could be manual as well as automated, to carry out various attacks... The spammers are now using such operations for a variety of social-engineering attacks, a trend that has been increasingly common with various popular Web 2.0 sites... spammers are observed to be using Google’s well-known blog publishing system, Blogger, for posting random comments to blogs, wikis, guestbooks, or other publicly accessible online discussion boards for promoting their products and services, adware installations, and malware infections for stealing information... Spammers create such splogs using machine-generated or hijacked content with the aim of targeting unsuspecting users. Also, observe that spammers also include links in their splogs referring to legitimate sites in order to trick users... Once the blog owners are victimized with such tactics, the spammers' next phase is to target the blog owner’s email address with mass emails to carry out different attacks..."

(Screenshots available at the URL above.)