Brightcloud tagging Yahoo sites as Phishing and Fraud

Reply
L2 Linker

Brightcloud tagging Yahoo sites as Phishing and Fraud

Greetings!

Today I received several helpdesk calls concerning yahoo! mail not working. Logs show that the 'yming.com' site that yahoo! uses is being flagged as a 'Phishing and Fraud' site.

I know I can report it (24-48 hour fix) and can manually unblock, but what a pain. Is anyone else seeing this issue?

Not applicable

Re: Brightcloud tagging Yahoo sites as Phishing and Fraud

I am out of the office on 5/29 and 5/30 and will be back in the office on 5/31. If you need immediate assistance, please contact the Help Desk.

L0 Member

Re: Brightcloud tagging Yahoo sites as Phishing and Fraud

When I load yming.com it goes to one of those pesky (probably malicious) fake search pages.  For us - haven't run into any Yahoo blocks and we are running current content.

Cheers,

Mike

L2 Linker

Re: Brightcloud tagging Yahoo sites as Phishing and Fraud

Weird. I know that several of our folks had this problem, and unblocking yimg.com was the fix..

L5 Sessionator

Re: Brightcloud tagging Yahoo sites as Phishing and Fraud

Hi Everyone,

There was indeed an issue with a site that is associated with Yahoo Mail. 

Some quick background - mail.yahoo.com has always been correctly classified, and mail.yimg.com (which provides content for mail.yahoo.com) has always inherited its categorization from yimg.com, which has historically been categorized as internet portal.

However, a blackhole exploit and javascript used in some phishing attacks was found on the following URL on 5/16/2012:

mail.yimg.com/zz/combo?/nq/mc/15_0_2/js/yui_utils.js&/nq/mc/15_0_2/js/core.js&/d/lib/bc/bc_2.0.4.js&... on

As a result, BrightCloud changed the category for mail.yimg.com to Phishing, which then caused Yahoo Mail not to load properly if customers had a policy to blocking Phishing.

BrightCloud quickly realized this mistake and corrected the categorization for mail.yimg.com (it is now web-based email, since it is linked to mail.yahoo.com) and published a new database for it.  For those customers that were affected by this, the cache entry should automatically be corrected when you download a new BrightCloud database (this is usually done by default on a daily basis - check your software update schedule).

Hope this helps,

Doris

L6 Presenter

Re: Brightcloud tagging Yahoo sites as Phishing and Fraud

Thanks for great feedback! :-)

L2 Linker

Re: Brightcloud tagging Yahoo sites as Phishing and Fraud

Thanks, love to know the details!

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!