This time it’s Yahoo’s turn to be used in propogation of phishing. This is the second time in just a few weeks that this has happened. The nay-sayers are awefully quiet these days, have you noticed? Interesting. Anyway, I’ll stop playing the “I told you so” game, and stick to the facts. The fact is Yahoo is currently hosting a redirection script used for tracking. That link can be modified to forward to any domain of the attacker’s choice. The attacker happened to chose a phishing page (big surprise):

http://rds.yahoo.com/_ylt=A0LaSV66fNtDg.kAUoJXNyoA;_ylu=X3oDMTE2ZHVuZ3E3BGNvbG8DdwRsA1dTMQRwb3MDMwRzZWMDc3IEdnRpZANGNjU1Xzc1/SIG=148vsd1jp/EXP=1138544186/**http%3a//65.102.124.244/usage/.us/link.php

This is a live phishing site at the time of this writing. I’m not sure what else has to happen before these companies start jumping on these to close them down. It’s bad for the consumers, and it’s bad for their trust brand. I understand better than just about anyone why it’s important to be able to track your users’ activities, but there are other ways, like onclick event handlers, etc… 98-99% of users have JavaScript turned on so that should be good enough to track as a percentage. Or use a whitelist. Or use an embedded checksum. There are alternatives to leaving yourself open to these forms of attack.

Maybe I’m preaching to the choir now.

This entry was posted on Friday, September 1st, 2006 at 8:31 am and is filed under Webappsec, Phishing. Responses are currently closed, but you can trackback from your own site.