Jan 8th, 2007, 9:33 am
Sometimes you just cannot help it: you find yourself with time on your hands and you go snooping around in places that normal folk just do not venture. So it was with security researcher Michael Sutton, who spent an entire day plugging through the Google blacklist, the Google encoded/hashed blacklist and the Google domain whitelist.
The blacklist, in case you did not know, contains a huge listing of URLs that Google suspects might be involved in phishing activity, and forms the basis of the Google Safe Browsing tool for Firefox, and the new Firefox anti-phishing filter for that matter. Both of these allow for user feedback when a suspect site is stumbled upon, and one must assume that this is how the blacklist is compiled, although Google itself is keeping schtum.
What Sutton did reveal, though, was just how useful such an exercise in monotony can be, especially if you have an interest in phishing trends. So, for example, he discovered that a staggering 86% of the URLs listed were no longer actually available. Not surprising, as phishing crews tend to work on a ‘here today, gone later today’ basis to avoid getting caught. Less obvious was the fact that, of the sites that were still accessible, the majority employed simple social engineering tactics rather than the perhaps-to-be-expected zero-day exploits we read so much about. Once a conman, always a conman, I suspect. Which is why the soft targets, the easy touches of eBay, PayPal and Bank of America, accounted for a whopping 63% of all the active phishing site scams. Sutton was perhaps most amused, however, by his discovery that a significant number of sites used to scam visitors into handing over their Yahoo login credentials were hosted by none other than, yes you have guessed it, Yahoo.
Looking at the detail of his research, I was interested by the fact that very few of the phishing scams featured made any use of open URL redirection, which has in the past been a very popular technique, especially when it comes to redirecting from Google. Sutton did locate an attack using a Google AdWords redirection, but it was very much in the minority, so perhaps the phishers have moved on to technologies new?
Either that or, as Sutton concludes, the majority of phishing scammers are a lot less sophisticated than we give them credit for. And hey, why should they bother investing the time, effort and money into technically complex cons when there is still plenty of money to be made from millions of unsuspecting newbies (and some long-time Internet users who really should know better) who fall for the oldest cons in the book?
As long as people think that they might have won a lottery in a country they have never visited with a ticket they did not purchase, or will trust anyone claiming to be their bank asking for their username and password in order to update security files, there will always be money to be made.
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 2,465 views, 0 comments, and 48 linkbacks. 1 voter has rated this entry 5 out of 5 stars. It was promoted to featured status Jan 8th, 2007.