Yahoo! -- A "Phisher-friendly" hosting domain?

This would probably be better posted to NSP-SEC, but since
I'm not subscribed (and have tried at least once), I'll share
it here.

For what it's worth, I'm involved in several security and
anti-malware, anti-botnet, etc. group efforts, and I personally
think that this particular situation has gained enough "badness"
status as to warrant wider public disclosure.

A colleague alerted me to this earlier today (with permission to reprint):


My attention was drawn earlier today to yet another phishing site on Yahoo! - we're already finding extreme porn and other disreputable sites moving there now that their "abuse dept" has been dismantled and reassembled in Oregon, apparently with all staff-under-training.

But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing domain names like "" when they are set up on their servers, if only for reasons of due diligence ... otherwise Bank of the West might possibly have grounds for a lawsuit against Yahoo! ? Have any banks ever threatened to litigate against ISPs?

If ever there was an incident calling out to be made a test case ...


Details can be found here:



The fact that very many phishers, 419s, and spamming pornographers are flocking to Yahoo is the result of changes that Yahoo have made to their abuse processing. Also, as they run ClamAV on all mail to their "new" abuse desk in Oregon, any reports to them that contain evidence of phishing incidents are automatically rejected by the ClamAV filtering - so it is difficult to know exactly HOW Yahoo! could have been expected to take action on these cases.

(Yahoo! have been told about the situation by several respected individuals but from the reactions it seems that they do not care.)


A more interesting link can be found here:

This is somewhat disturbing.

- ferg

But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing
domain names like ""

Registrars should as well, but this is not the way the Internet works.
Sometimes, this is a good thing, sometimes, it's not.

It seems that the A RR has been pulled around 2005-08-30 21:00 UTC, so
this particular issue has already been resolved.

Two comments.


First, it's everyone's responsibility to do what's necessary
to prevent their operation from being an abuse source, vector,
or support service. That includes registrars, web hosts, DNS
providers, email services, consumer ISPs, webmail services,
corporations, end-users -- *everyone*. Nobody gets a pass.

Of course, this isn't what's happening: and that's why abuse
is such a massive problem. If people actually (gasp!) began
running their operations in a responsible manner (starting with
very simple and easy measures like "read your abuse mailbox
and take immediate action on all reported problems") then all
these issues would of course still exist -- but at greatly
reduced levels. However, it seems that many prefer to implicitly
support abuse by doing nothing...that is, until their network
neighbors grow tired of their inaction, and decide to put a
cork in it by collaboratively blacklisting them -- at which point,
the typical response, instead of being a contrite admission of
long-term systemic failure, is plaintive, mock-outraged whining
about how terribly unfair it all is.


Second, it appears to me that Yahoo may be contending with Microsoft
for the title of "largest spam-and-abuse support operation on
the Internet". Both are completely infested with abusers of
all descriptions, not just in the freemail operations, but their
mailing lists, web hosting, etc. Both have established very
long track records of not just failing to take action, but
*refusing* to take action, even when someone else does their job
for them, compiles the applicable evidence, and presents it to
them. (Search, for example, the Google archives of Usenet for
either "yahoo clueless" or "hotmail clueless" for more examples
than any sane person, or even Fergie ;-), would ever want to read.)

Here's a recent note (courtesy of John Levine) which is complementary
to the one previously presented concerning Yahoo: