Re: Yahoo! -- A Phisher-friendly hosting domain?

2005-09-07 Thread Rich Kulawiec

Two comments.

<soapbox>

First, it's everyone's responsibility to do what's necessary
to prevent their operation from being an abuse source, vector,
or support service.  That includes registrars, web hosts, DNS
providers, email services, consumer ISPs, webmail services,
corporations, end-users -- *everyone*.  Nobody gets a pass.

Of course, this isn't what's happening: and that's why abuse
is such a massive problem.  If people actually (gasp!) began
running their operations in a responsible manner (starting with
very simple and easy measures like read your abuse mailbox
and take immediate action on all reported problems) then all
these issues would of course still exist -- but at greatly
reduced levels.  However, it seems that many prefer to implicitly
support abuse by doing nothing...that is, until their network
neighbors grow tired of their inaction, and decide to put a
cork in it by collaboratively blacklisting them -- at which point,
the typical response, instead of being a contrite admission of
long-term systemic failure, is plaintive, mock-outraged whining
about how terribly unfair it all is.

</soapbox>

Second, it appears to me that Yahoo may be contending with Microsoft
for the title of largest spam-and-abuse support operation on
the Internet.  Both are completely infested with abusers of
all descriptions, not just in the freemail operations, but their
mailing lists, web hosting, etc.  Both have established very
long track records of not just failing to take action, but
*refusing* to take action, even when someone else does their job
for them, compiles the applicable evidence, and presents it to
them.  (Search, for example, the Google archives of Usenet for
either yahoo clueless or hotmail clueless for more examples
than any sane person, or even Fergie ;-),  would ever want to read.)

Here's a recent note (courtesy of John Levine) which is complementary
to the one previously presented concerning Yahoo:

From: [EMAIL PROTECTED] (John R. Levine)
Newsgroups: news.admin.net-abuse.email
Subject: Re: Microsoft -- starting to support spam?
Date: 24 Aug 2005 11:25:40 -0400

[...]

The other day I collected a list of domains hosted by MSN.  Here's a
few.  If you were in the domain hosting business, would you let your
customers register and use these?  Microsoft did.

R's,
John

Keep this in mind when anyone from either Yahoo or Microsoft pretends
to somehow be interested in anti-spam or anti-phishing activities.
Neither has demonstrated, to date, the slightest inclination or ability
to even keep its own operation relatively free of spammers, phishers,
etc. despite having at its fingertips the cumulative work of a large
number of netizens who have diligently reported these problems to them.
It's thus completely disingenuous of them to feign any interest in
doing so on an Internet-wide basis.

---Rsk


Re: Yahoo! -- A Phisher-friendly hosting domain?

2005-08-31 Thread Florian Weimer

> But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing
> domain names like bankofthewestupdate.com

Registrars should as well, but this is not the way the Internet works.
Sometimes, this is a good thing, sometimes, it's not.

It seems that the A RR has been pulled around 2005-08-30 21:00 UTC, so
this particular issue has already been resolved.


Re: Yahoo! -- A Phisher-friendly hosting domain?

2005-08-31 Thread Fergie (Paul Ferguson)

That's good, however, I regret that the issue had to be
aired here because it didn't get attention it deserved
through proper channels and elsewhere...

- ferg


-- Florian Weimer [EMAIL PROTECTED] wrote:

> But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing
> domain names like bankofthewestupdate.com

Registrars should as well, but this is not the way the Internet works.
Sometimes, this is a good thing, sometimes, it's not.

It seems that the A RR has been pulled around 2005-08-30 21:00 UTC, so
this particular issue has already been resolved.

--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Yahoo! -- A Phisher-friendly hosting domain?

2005-08-31 Thread Florian Weimer

> That's good, however, I regret that the issue had to be
> aired here because it didn't get attention it deserved
> through proper channels and elsewhere...

If I read the timestamps correctly, your posting arrived via the NANOG
list *after* the domain had been pulled.


Re: Yahoo! -- A Phisher-friendly hosting domain?

2005-08-31 Thread Alex Rubenstein



Shouldn't someone be watching these, though?

[EMAIL PROTECTED]:~# whois paypal.com

[...]

PAYPAL.COM.SV04.COM
PAYPAL.COM.LIMITSPEED.NET
PAYPAL.COM


While I agree in concept that this is not how the internet runs, and I am 
not proposing a domain name police force be instituted, it seems to me 
that things like this are easily caught. Not to mention, the purpose of 
them is clear.




On Wed, 31 Aug 2005, Fergie (Paul Ferguson) wrote:



That's good, however, I regret that the issue had to be
aired here because it didn't get attention it deserved
through proper channels and elsewhere...

- ferg


-- Florian Weimer [EMAIL PROTECTED] wrote:


But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing
domain names like bankofthewestupdate.com


Registrars should as well, but this is not the way the Internet works.
Sometimes, this is a good thing, sometimes, it's not.

It seems that the A RR has been pulled around 2005-08-30 21:00 UTC, so
this particular issue has already been resolved.

--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/



--
Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben
Net Access Corporation, 800-NET-ME-36, http://www.nac.net



Re: Yahoo! -- A Phisher-friendly hosting domain?

2005-08-31 Thread william(at)elan.net



On Wed, 31 Aug 2005, Fergie (Paul Ferguson) wrote:


Someone is... or trying to, at least, watch and contact the
responsible owners/registrars, but in some cases they aren't
apparently eager to assist.


Some registrars are good and some are bad and without better controls
being developed by ICANN, user-based reputation system will eventually
come in and will be greatly despised by registrars (like many ISPs
do not like RBLs) but nonetheless widely used by users.


-- Alex Rubenstein [EMAIL PROTECTED] wrote:

Shouldn't someone be watching these, though?
[EMAIL PROTECTED]:~# whois paypal.com

[...]

PAYPAL.COM.SV04.COM
PAYPAL.COM.LIMITSPEED.NET
PAYPAL.COM


Above are hostnames under another domain that were registered as nameservers
(which seems to be mostly for fun so it would show up in whois for those 
using less-than-smart whois clients). I don't think above names have 
anything to do with phishing at all since for phishing one could easily 
just set up host paypal.phisherdomain.com (without any registration in 
whois), but that is not widely used and a lot more common are attempts at 
something like paypa1.com.


--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
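
The name patterns raised in this thread (a brand embedded in a registered name such as bankofthewestupdate.com, a brand hostname placed under another domain, and a character-swap lookalike such as paypa1.com) can be screened for mechanically at registration or hosting time. The following is an added example, not part of any poster's message; the brand list, the confusable-character map and the function name `classify` are assumptions, and it treats the second-to-last label as the registered name instead of consulting the Public Suffix List.

```python
# Added example: screen hostnames for the lookalike patterns named in the thread.
# BRANDS and CONFUSABLE are illustrative assumptions, not an authoritative list.
BRANDS = {
    "paypal": "paypal.com",
    "ebay": "ebay.com",
    "bankofthewest": "bankofthewest.com",
}
# Digit-for-letter swaps often seen in lookalikes (constructed, not exhaustive).
CONFUSABLE = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def classify(hostname):
    """Return (brand, reason) if hostname imitates a brand, else None."""
    host = hostname.lower().rstrip(".")
    # The brand's own domain and its subdomains are legitimate.
    if any(host == d or host.endswith("." + d) for d in BRANDS.values()):
        return None
    labels = host.split(".")
    # Assumption: single-label TLD, so the registered name is labels[-2].
    registered = labels[-2] if len(labels) >= 2 else labels[0]
    for brand, real in BRANDS.items():
        if host.startswith(real + "."):        # paypal.com.sv04.com
            return (brand, "brand-domain-prefix")
        if brand in labels[:-2]:               # paypal.phisherdomain.com
            return (brand, "brand-host-label")
        if brand in registered:                # bankofthewestupdate.com
            return (brand, "brand-embedded")
        if brand in registered.translate(CONFUSABLE):   # paypa1.com
            return (brand, "confusable-chars")
    return None


# Constructed review queue: names quoted in the thread plus two benign ones.
SAMPLE = [
    "bankofthewestupdate.com", "PAYPAL.COM.SV04.COM",
    "paypal.phisherdomain.com", "paypa1.com",
    "www.paypal.com", "example.org",
]

if __name__ == "__main__":
    for name in SAMPLE:
        print(f"{name:28} {classify(name)}")
```

Substring matching on a short brand such as "ebay" also hits unrelated names that happen to contain those letters, so the output is a queue for human review, not a block list.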


Yahoo! -- A Phisher-friendly hosting domain?

2005-08-30 Thread Fergie (Paul Ferguson)

This would probably be better posted to NSP-SEC, but since
I'm not subscribed (and have tried at least once), I'll share
it here.

For what it's worth, I'm involved in several security and
anti-malware, anti-botnet, etc. group efforts, and I personally
think that this particular situation has gained enough badness
status as to warrant wider public disclosure.

A colleague alerted me to this earlier today (with permission to reprint):

[snip]

My attention was drawn earlier today to yet another phishing site on Yahoo! - 
we're already finding extreme porn and other disreputable sites moving there 
now that their abuse dept has been dismantled and reassembled in Oregon, 
apparently with all staff-under-training.

But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing domain names 
like bankofthewestupdate.com when they are set up on their servers, if only 
for reasons of due diligence ... otherwise Bank of the West might possibly have 
grounds for a lawsuit against
Yahoo! ? Have any banks ever threatened to litigate against ISPs?

If ever there was an incident calling out to be made a test case ...

[snip]

Details can be found here:
 http://www.spamhaus.org/sbl/sbl.lasso?query=SBL31214

Also:

[snip]

The fact that very many phishers, 419s, and spamming pornographers are flocking 
to Yahoo is the result of changes that Yahoo have made to their abuse 
processing. Also, as they run ClamAV on all mail to their new abuse desk in 
Oregon, any reports to them that contain evidence of phishing incidents are 
automatically rejected by the ClamAV filtering - so it is difficult to know 
exactly HOW Yahoo! could have been expected to take action on these cases.

(Yahoo! have been told about the situation by several respected individuals but 
from the reactions it seems that they do not care.)

[snip]

A more interesting link can be found here:
 http://www.spamhaus.org/sbl/listings.lasso?isp=yahoo.com

This is somewhat disturbing.


- ferg


--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or [EMAIL PROTECTED]
 ferg's tech blog: http://fergdawg.blogspot.com/