Saturday, December 02, 2006

Search for Yahoo in Google and it takes you to a phishing site..

I was trying to sign up for Yahoo! alert service and a quick check on Yahoo News page didn't show up the link to Yahoo Alerts. So I typed 'Yahoo alert' in Google and hit "I am feeling lucky".

Many people use this "I am feeling lucky" feature and have reported upto 80-90% accuracy. I often found it be a great defense against phishing especially since you can search right from Firefox address bar. But I was in for a shock when I hit the button this time, this is the page that came up.






The site that came up was a phishing site. See the url that ends with "shyou.org." I dont know what has gotten into Google algorithm to rank a phishing site the top most for such a simple query. You can try the query here.




Both firefox 2 and IE 7 showed only website certificate errors but passed the site as not a phishing site.



Update 1: Searching for 'yahoo alerts' also gives the same phishing site as the first result.

Update 2: Elderberry has commented that it could most probably a proxy site, here is my response,
A little google search has found some suspicious records of this site.
This site is talking about how .shyou.org is faking Googlebot, read here
Also I couldnt find any official page from shyou.org saying that they are indeed a proxy site.
The only page I could find was this, http://flouri.shyou.org/wikihome
and it was japanese site for flouri fans.
The ssl certificate they have is from CAcert.org, both Mozilla and Microsoft have so far refused to acknowledge them as valid. read here
Last but not the least this is the first time I am seeing a proxy site high up in the search ranking for such a popular site like Yahoo. But I have to agree the issue is open..


5 comments:

Elderberry said...

You got it all wrong, friend...
Actually, it's a proxy site. Nope, no phishing.
Explained: http://www.steady-rollin.com/content/view/27/

Andrew said...

just letting you know, whether you search for a plural or not in google doesn't matter.

"books" would get the same result as "book" (though in this particular example, there are less extra "similar domain" pages found).

Dr Ortho said...

@Andrew
You are right, but I was just trying to see if adding a pleural changes the search result order..

Anonymous said...

Man - you've got to relax at some point... You see phishing and scam everywhere you go! That's all you write about! Isn't it hard to live like that? Cheer up a bit. World is not as bad as you think and it's not like everyone out there is trying to get you (or your password). Also - don't you think that it deserves to do a little learning/investigating before posting 'breaking story' like this? :) You got it all wrong yet again!

Dr Ortho said...

Elderberry, has commented saying that it is most probably a proxy site. But a little google search has found some suspicious records of this site.
This site is talking about how .shyou.org is faking Googlebot, http://www.webmasterworld.com/forum11/3294.htm
Also I couldnt find any official page from shyou.org saying that they are indeed a proxy site.
The only page I could find was this, http://flouri.shyou.org/wikihome
and it was japanese site for flouri fans. Also the ssl certificate they have is from CAcert.org, both Mozilla and Microsoft have so far refused to acknowledge them as valid. http://usablesecurity.com/2005/07/07/interesting-post-on-phishing/
Last but not the least this is the first time I am seeing a proxy site high up in the search ranking for such a popular site like Yahoo

IT Soup Chef's top picks