Richard Cox, chief information officer of Spamhaus, told an audience of politicians, security experts and law enforcement officials that Yahoo has just under 5,000 domains hosted and registered with the words 'bank', 'eBay' and 'PayPal' within the domain names.
Most of those are used as phishing sites, Cox told the London "eConfidence -- Spam and Scams" conference.
Cox said that ISPs are failing to train their staff to recognise this as a security issue. "ISPs are treating abuse issues as customer service issues," Cox claimed.
In response, Yahoo said it would follow up Cox's claims. "We take security very seriously and will be investigating this issue fully," said Nick Hazell, alliance director for Yahoo Europe.
It is understood that most of these domains were registered in the US; it may be hard for Yahoo to take action until the domains are used in a phishing attack.
Meanwhile Ed Gibson, Microsoft UK's newly appointed chief security advisor, praised Spamhaus for its work. "Hats off to Spamhaus," Gibson told the audience. "We don't do a good job of responding to abuse. Spamhaus is excellent at highlighting areas of deficiency."
ZDNet UK's Tom Espiner reported from London. For more coverage from ZDNet UK, click here.
I recieve on average 6 phising emails per week which are hosted from Yahoo hosted sites. Mostly these target ebay or paypal but are easily detected when the links dont equal the text which hosts the link.
Surely they have this covered in any hosting agreement, and they could literally sue the pants of these charletons.
Lets hope they will act soon