https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21814#M15937 <HTML><HEAD></HEAD><BODY><P>Hi Everyone,</P><P></P><P>There was indeed an issue with a site that is associated with Yahoo Mail.&nbsp; </P><P></P><P>Some quick background - mail.yahoo.com has always been correctly classified, and mail.yimg.com (which provides content for mail.yahoo.com) has always inherited its categorization from yimg.com, which has historically been categorized as internet portal.</P><P></P><P>However, a blackhole exploit and javascript used in some phishing attacks was found on the following URL on 5/16/2012:</P><P><A href="http://mail.yimg.com/zz/combo?/nq/mc/15_0_2/js/yui_utils.js&amp;/nq/mc/15_0_2/js/core.js&amp;/d/lib/bc/bc_2.0.4.js&amp;/nq/mc/15_0_2/js/darla.js&amp;/nq/mc/15_0_2/js/async.js&amp;/d/lib/ult/ylc_1.9.js&amp;/nq/mc/15_0_2/js/imboot.js&amp;/nq/gx/a/2.17.0.2a/js/yui_loader_mg/ba87c64b1f20e3e7898b0dc28b2173a6_1.js&amp;/nq/gx/a/2.17.0.2a/js/combo/init/us/5d97332c6924d7b42d469dc77113ac15_1.js">mail.yimg.com/zz/combo?/nq/mc/15_0_2/js/yui_utils.js&amp;/nq/mc/15_0_2/js/core.js&amp;/d/lib/bc/bc_2.0.4.js&amp;/nq/mc/15_0_2/js/darla.js&amp;/nq/mc/15_0_2/js/async.js&amp;/d/lib/ult/ylc_1.9.</A> on </P><P></P><P>As a result, BrightCloud changed the category for mail.yimg.com to Phishing, which then caused Yahoo Mail not to load properly if customers had a policy to blocking Phishing.</P><P></P><P>BrightCloud quickly realized this mistake and corrected the categorization for mail.yimg.com (it is now web-based email, since it is linked to mail.yahoo.com) and published a new database for it.&nbsp; For those customers that were affected by this, the cache entry should automatically be corrected when you download a new BrightCloud database (this is usually done by default on a daily basis - check your software update schedule).</P><P></P><P>Hope this helps,</P><P>Doris</P></BODY></HTML> Wed, 30 May 2012 15:51:35 GMT dyang 2012-05-30T15:51:35Z https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21810#M15933 <HTML><HEAD></HEAD><BODY><P>Greetings!</P><P>Today I received several helpdesk calls concerning yahoo! mail not working. Logs show that the 'yming.com' site that yahoo! uses is being flagged as a 'Phishing and Fraud' site.</P><P>I know I can report it (24-48 hour fix) and can manually unblock, but what a pain. Is anyone else seeing this issue?</P></BODY></HTML> Wed, 30 May 2012 14:36:41 GMT https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21810#M15933 cloughr 2012-05-30T14:36:41Z https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21811#M15934 <HTML><HEAD></HEAD><BODY><P>I am out of the office on 5/29 and 5/30 and will be back in the office on 5/31. If you need immediate assistance, please contact the Help Desk.</P></BODY></HTML> Wed, 30 May 2012 14:37:44 GMT https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21811#M15934 u7483 2012-05-30T14:37:44Z https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21812#M15935 <HTML><HEAD></HEAD><BODY><P><SPAN lang="EN">When I load yming.com it goes to one of those pesky (probably malicious) fake search pages.&nbsp; For us - haven't run into any Yahoo blocks and we are running current content.</SPAN></P><P><SPAN lang="EN">Cheers,</SPAN></P><P><SPAN lang="EN">Mike</SPAN><SPAN lang="EN"></SPAN></P></BODY></HTML> Wed, 30 May 2012 14:43:55 GMT https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21812#M15935 mikenh 2012-05-30T14:43:55Z https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21813#M15936 <HTML><HEAD></HEAD><BODY><P>Weird. I know that several of our folks had this problem, and unblocking yimg.com was the fix..</P></BODY></HTML> Wed, 30 May 2012 15:00:15 GMT https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21813#M15936 cloughr 2012-05-30T15:00:15Z https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21814#M15937 <HTML><HEAD></HEAD><BODY><P>Hi Everyone,</P><P></P><P>There was indeed an issue with a site that is associated with Yahoo Mail.&nbsp; </P><P></P><P>Some quick background - mail.yahoo.com has always been correctly classified, and mail.yimg.com (which provides content for mail.yahoo.com) has always inherited its categorization from yimg.com, which has historically been categorized as internet portal.</P><P></P><P>However, a blackhole exploit and javascript used in some phishing attacks was found on the following URL on 5/16/2012:</P><P><A href="http://mail.yimg.com/zz/combo?/nq/mc/15_0_2/js/yui_utils.js&amp;/nq/mc/15_0_2/js/core.js&amp;/d/lib/bc/bc_2.0.4.js&amp;/nq/mc/15_0_2/js/darla.js&amp;/nq/mc/15_0_2/js/async.js&amp;/d/lib/ult/ylc_1.9.js&amp;/nq/mc/15_0_2/js/imboot.js&amp;/nq/gx/a/2.17.0.2a/js/yui_loader_mg/ba87c64b1f20e3e7898b0dc28b2173a6_1.js&amp;/nq/gx/a/2.17.0.2a/js/combo/init/us/5d97332c6924d7b42d469dc77113ac15_1.js">mail.yimg.com/zz/combo?/nq/mc/15_0_2/js/yui_utils.js&amp;/nq/mc/15_0_2/js/core.js&amp;/d/lib/bc/bc_2.0.4.js&amp;/nq/mc/15_0_2/js/darla.js&amp;/nq/mc/15_0_2/js/async.js&amp;/d/lib/ult/ylc_1.9.</A> on </P><P></P><P>As a result, BrightCloud changed the category for mail.yimg.com to Phishing, which then caused Yahoo Mail not to load properly if customers had a policy to blocking Phishing.</P><P></P><P>BrightCloud quickly realized this mistake and corrected the categorization for mail.yimg.com (it is now web-based email, since it is linked to mail.yahoo.com) and published a new database for it.&nbsp; For those customers that were affected by this, the cache entry should automatically be corrected when you download a new BrightCloud database (this is usually done by default on a daily basis - check your software update schedule).</P><P></P><P>Hope this helps,</P><P>Doris</P></BODY></HTML> Wed, 30 May 2012 15:51:35 GMT https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21814#M15937 dyang 2012-05-30T15:51:35Z https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21815#M15938 <HTML><HEAD></HEAD><BODY><P>Thanks for great feedback! <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P></BODY></HTML> Wed, 30 May 2012 19:52:45 GMT https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21815#M15938 mikand 2012-05-30T19:52:45Z https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21816#M15939 <HTML><HEAD></HEAD><BODY><P>Thanks, love to know the details!</P></BODY></HTML> Wed, 30 May 2012 22:10:46 GMT https://live.paloaltonetworks.com/t5/general-topics/brightcloud-tagging-yahoo-sites-as-phishing-and-fraud/m-p/21816#M15939 cloughr 2012-05-30T22:10:46Z