[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] A Tour of the Google Blacklist

From: "Michael Sutton" <msutton@xxxxxxxxxxxxxxx>
Subject: [WEB SECURITY] A Tour of the Google Blacklist
Date: Thu, 4 Jan 2007 14:34:44 -0500

I recently decided to devote a day to walking through the Google
Blacklist in the hopes of learning about current trends in phishing
attacks. While some of the findings were to be expected, others proved
surprising and even amusing. It turns out that the top 3 targets - eBay,
PayPal and Bank of America accounted for over 2/3 of the active phishing
sites on the list. Sadly, little was learned about new attack vectors as
the vast majority of sites leveraged straight social engineering
attacks. This suggests to me that attackers have not been forced to
upgrade their skills in order to make a profit as it's still just too
easy to prey on naive web surfers. Amusingly, I also found that Yahoo!
has a nasty habit of hosting phishing sites that harvest...Yahoo!
credentials.

Blogged:
http://portal.spidynamics.com/blogs/msutton/archive/2007/01/04/A-Tour-of
-the-Google-Blacklist.aspx

Michael Sutton

----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Prev by Date: Re: [WEB SECURITY] RE: Universal PDF XSS After Party(posible solution)
Next by Date: Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
Previous by thread: [WEB SECURITY] Re: RE: [Full-disclosure] Universal XSS with PDF files: highly dangerous
Next by thread: [WEB SECURITY] Fwd: Re: [Full-disclosure] Universal XSS with PDF files: highly dangerous
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site