Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Tour of the Google Blacklist

Posted by CowboyNeal on from the taking-down-names dept.

WienerPizza writes "Michael Sutton takes us on a tour of the Google blacklist, a list of suspected phishing sites. He finds that eBay, PayPal and Bank of America combined account for 63% of the active phishing sites. Amusingly, he also reveals that Yahoo! has a nasty habit of hosting phishing sites that harvest — you guessed it — Yahoo! credentials!"

5 of 89 comments (clear)

  1. Re:Question do Sys Admins by pestilence669 · · Score: 4, Informative

    OpenDNS will do phishing detection for you. Not only that, it'll correct common typos and speedup name resolution on your entire network. Oh yeah, it's also free, but it won't block those annoying fake search pages.

    http://opendns.com/

  2. Re:But it's not a problem by AoT · · Score: 4, Informative

    PayPal is annoying.I can't start a new account with them because I never verified my old account which was connected to a bank account I no longer have. Not that I really want to, I wouldn't trust those guys any further than I could throw them.

    --
    A blog about stuff.
  3. Re:This one made me cry a little inside by jasonwc · · Score: 5, Informative

    I just loaded http://zeta-os.com/astats/bankofamerica/ on Firefox 2.0.0.1 using Firefox's built-in phishing detector using Google to provide the blacklist ["Check by asking Google about each site I visit" option]. It loaded the site just fine, without any warning.

  4. Here is a site that has a lot of IPs by VGfort · · Score: 5, Informative

    Banned IP Address - a lot of them are spammers or fake bots that will look around your website and fill your forms in the attempt to spam you or your forums/blog or whatever else you might have

  5. Re:Pollute the phishing sites by mindriot · · Score: 4, Informative

    Well, I wouldn't write "f**k you spammer" or anything like that, it makes your entries distinguishable. If you want to ensure having a correct credit card number (except for the CVV code, bug the phisher couldn't verify those directly anyway), you could use something like this quick dirty hack I wrote up a few months ago to spam a phishing site using simple wget queries. To read up on the format of valid credit card numbers, see for instance this article on the anatomy of credit card numbers. The following code worked for me to create numbers that were accepted by a phishing site I spammed:

    my $cc = substr("000000" . int(rand(1000000)), -6); # Any format

    # Add 9 digits for the account number
    $cc .= int(rand(900000000))+100000000;

    # Check digit: Luhn Code
    my $checknum = 0;
    for (my $j = 0; $j < length($cc); $j++) {
    my $val = substr($cc, $j, 1);
    if ($j % 2 == 0) {
    # These will be doubled
    my $v = 2*$val;
    $v -= 9 if ($v > 9);
    $checknum += $v;
    } else {
    # These will just be added normally
    $checknum += $val;
    }
    }
    # The last digit should add up to a multiple of 10
    $cc .= ($checknum%10 != 0)?(10-($checknum%10)):'0';

    # Output an expiration date (arbitrary, 2007..2015)
    my $month = int(rand(12))+1;
    my $year = qw(2007 2008 2009 2010 2011 2012 2013 2014 2015)[int(rand(9))];

    # Random CVV2 code
    my $cvv = substr("000" . int(rand(1000)), -3);