CYBERSPACE – According to leading anti-spam and online security organization Spamhaus, Yahoo is host to thousands of “phishing” sites, doesn’t have sufficiently well-trained staff to address the problem of online fraud, and has not taken the correct approach to addressing the issue, generally.At the “eConfidence – Spam and Scams” conference in London, chief information officer of Spamhaus Richard Cox told the assembled audience of security experts, law enforcement officials and politicians that Yahoo currently has a little under 5,000 domains hosted and registered with the words “’PayPal,” “bank” and “eBay” within the domain name. Most such sites are used as phishing sites, Cox said.

“ISPs are treating abuse issues as customer service issues,” Cox said, and have failed to train their staff to recognize phishing as a security issue.

In an interview with ZDNet UK, alliance director for Yahoo Europe Nick Hazell said, “We take security very seriously and will be investigating this issue fully.” Company officials point to the difficulty in combating the fraudulent sites, saying it is difficult for Yahoo to take action until the domains are actually employed for phishing or other fraudulent purposes.

Ed Gibson, Microsoft UK’s chief security advisor, praised Spamhaus for its work. “Hats off to Spamhaus,” Gibson said to the audience at the eConfidence conference, “we don’t do a good job of responding to abuse. Spamhaus is excellent at highlighting areas of deficiency.”

This isn’t the first go-round for Spamhaus and Yahoo; back in September of 2002, Spamhaus added the Yahoo “stores” site to its spammer blacklist, after Spamhaus received thousands of spam complaints that “just weren’t being acted upon,” according to Steve Linford, director of the Spamhaus project. Spamhaus subsequently removed Yahoo from their blacklist when it learned that Yahoo was adding a new “spam team” specifically assigned to deal with spam complaints.