[89642] in North American Network Operators' Group
Re: Yahoo-hosted phishing sites
daemon@ATHENA.MIT.EDU (Jon R. Kibler)
Wed Mar 29 11:56:50 2006
Date: Wed, 29 Mar 2006 11:56:17 -0500
From: "Jon R. Kibler" <Jon.Kibler@aset.com>
To: MARLON BORBA <MBORBA@trf3.gov.br>
Cc: nanog@nanog.org
Errors-To: owner-nanog@merit.edu
This is a multi-part message in MIME format...
------------=_1143651384-28549-585
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
MARLON BORBA wrote:
>
> Did you tried the form to report "Phishing Sites on Yahoo"?
>
> http://add.yahoo.com/fast/help/us/domains/cgi_phishing
>
Yeah, tried that too. Get back a message saying that they are not yahoo servers.
For example, just yesterday had a couple of phish quarantined by ClamAV that were using http://rds.yahoo.com/{whatever} as the URL. (It may have been a redirect, but there was no other URL embedded into the message -- nor was there unicode or anything similar.) The hostname rds.yahoo.com is an alias for rds.yahoo7.akadns.net, and that appears to be why yahoo's automated response disclaims it.
If you try to send to anything@akadns.net, their mail server rejects it saying that the mail is an illegal relay attempt.
Jon
--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214
==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.
------------=_1143651384-28549-585--
