Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Yahoo! -- A "Phisher-friendly" hosting domain?

  • From: Fergie (Paul Ferguson)
  • Date: Tue Aug 30 21:42:10 2005

This would probably be better posted to NSP-SEC, but since
I'm not subscribed (and have tried at least once), I'll share
it here.

For what it's worth, I'm involved in several security and
anti-malware, anti-botnet, etc. group efforts, and I personally
think that this particlar situation has gained enough "badness"
status as to warrant wider public disclosure.

A colleague alerted me to this earlier today (with permission to reprint):

[snip]

My attention was drawn earlier today to yet another phishing site on Yahoo! - we're already finding extreme porn and other disreputable sites moving there now that their "abuse dept" has been dismantled and reassembled in Oregon, apparently with all staff-under-training.

But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing domain names like "bankofthewestupdate.com" when they are set up on their servers, if only for reasons of due diligence ... otherwise Bank of the West might possibly have grounds for a lawsuit against
Yahoo! ? Have any banks ever threatened to litigate against ISPs?

If ever there was an incident calling out to be made a test case ...

[snip]

Details can be found here:
 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL31214

Also:

[snip]

The fact that very many phishers, 419s, and spamming pornographers are flocking to Yahoo is the result of changes that Yahoo have made to their abuse processing. Also, as they run ClamAV on all mail to their "new" abuse desk in Oregon, any reports to them that contain evidence of phishing incidents are automatically rejected by the ClamAV filtering - so it is difficult to know exactly HOW Yahoo! could have been expected to take action on these cases.

(Yahoo! have been told about the situation by several respected individuals but from the reactions it seems that they do not care.)

[snip]

A more interesting link can be found here:
 http://www.spamhaus.org/sbl/listings.lasso?isp=yahoo.com

This is somewhat disturbing.


- ferg


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg@netzero.net or fergdawg@sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.