Confident that your giant provider is protecting your best interests? Don’t be.

Early in May, F-Secure techs identified yahoo-members.com (72.29.81.85) as a Yahoo! Account phishing scam. At the time, no blacklists included the site.

They quickly notified the Yahoo! abuse team which, they believe, has “taken action” against the website.

After waiting a month, F-Secure techs submitted yahoo-members.com to whois again. Still active. Here’s what our whois-run returned:

Registered through: GoDaddy.com, Inc.
Domain Name: YAHOO-MEMBERS.COM
Created on: 01-Nov-05
Expires on: 01-Nov-06
Last Updated on: 01-Nov-05

Administrative Contact:
melton, walter gatorsalley31@yahoo.com
526 18th st
monroe, Wisconsin 53566
United States
(608) 325-2121

Domain servers in listed order:
NS1.PRO-HOSTWEB.COM
NS2.PRO-HOSTWEB.COM

Our RBL Check returned the same results as F-Secure’s. No listings.
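A check that needs no blacklist listing can still be run against the whois record itself. The Python sketch below is an added example, not code from F-Secure or Email Battles: it parses the domain and name servers out of the output above (contact block omitted) and flags a brand name embedded in a domain the brand does not own. The BRANDS allowlist and all function names are assumptions made for illustration.

```python
import re

# whois fields copied from the output above; contact block omitted
SAMPLE_WHOIS = """\
Registered through: GoDaddy.com, Inc.
Domain Name: YAHOO-MEMBERS.COM
Created on: 01-Nov-05
Expires on: 01-Nov-06
Last Updated on: 01-Nov-05

Domain servers in listed order:
NS1.PRO-HOSTWEB.COM
NS2.PRO-HOSTWEB.COM
"""

# Assumption: brand token -> domains the brand really operates (hypothetical allowlist)
BRANDS = {"yahoo": {"yahoo.com"}}

def parse_whois(text):
    """Extract the domain name and name servers from a registrar-style whois dump."""
    rec = {"domain": None, "nameservers": []}
    in_ns = False
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Domain Name:\s*(\S+)", line, re.I)
        if m:
            rec["domain"] = m.group(1).lower()
        elif re.match(r"Domain servers", line, re.I):
            in_ns = True                      # host names follow this header
        elif in_ns and re.fullmatch(r"[A-Za-z0-9.-]+\.[A-Za-z]{2,}", line):
            rec["nameservers"].append(line.lower())
        elif in_ns and line:
            in_ns = False                     # first non-host line ends the list
    return rec

def registrable(host):
    """Naive last-two-labels registrable domain (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def lookalike_findings(rec):
    """Return reasons the record looks like brand impersonation, without any blacklist."""
    findings = []
    dom = registrable(rec["domain"])
    labels = re.split(r"[.\-]", dom)          # "yahoo-members.com" -> yahoo, members, com
    for brand, owned in BRANDS.items():
        if brand in labels and dom not in owned:
            findings.append(f"{dom} embeds brand '{brand}' but is not a {brand} domain")
            if not any(registrable(ns) in owned for ns in rec["nameservers"]):
                findings.append(f"name servers are outside {sorted(owned)}")
    return findings
```

Calling lookalike_findings(parse_whois(SAMPLE_WHOIS)) yields both findings for yahoo-members.com, while a record for yahoo.com served from its own name servers yields none.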

Noting that the number of narrowly-focused spear phishing attacks has increased dramatically, F-Secure techs suggest that the site’s low visibility may be the reason for this beast’s survival.

They conclude that blacklists and other methods are ineffective against spear phishers.

As Email Battles has long chronicled, other solutions provide limited protection as well.

One vigorously promoted solution, the digital certificate, suffers from a Maginot Line-like dependency on the security of the user’s computer. Once your system has been penetrated, an attacker could actually deploy your digital certificates against you, cleaning out trusted accounts or spewing encrypted phishmail in your name.

In addition, nearly 40% of the SSL certificates encountered by web users are not valid. This can be a problem for browsers and anti-phishing toolbars that depend on them.

But even those anti-phishing toolbars that don’t depend on digital signatures share a major problem. Users simply ignore them because they consider them to be unreliable.

MIT researchers concluded that toolbars won’t get much respect till their warnings are 100% accurate and much more intrusive.

So what’s a phish-sick user to do until then?

If you refuse to practice Safe Computing and insist on going places that make you nervous, try an anti-phishing toolbar or anti-phishing search site. When Email Battles searched with TrustWatch, the link to yahoo-members.com was emblazoned with the TrustWatch Warning icon.

You could have knocked us over with a feather.
