Slashdot Mirror


A Tour of the Google Blacklist

WienerPizza writes "Michael Sutton takes us on a tour of the Google blacklist, a list of suspected phishing sites. He finds that eBay, PayPal and Bank of America combined account for 63% of the active phishing sites. Amusingly, he also reveals that Yahoo! has a nasty habit of hosting phishing sites that harvest — you guessed it — Yahoo! credentials!"

12 of 89 comments

  1. Google's not keeping up by Jonnty · · Score: 5, Insightful

    Judging by the huge proportion of the blacklisted sites that are offline (and the tiny fraction that are actually phishing sites) it seems Google isn't taking this seriously enough. There are many, many more than 341 phishing sites in the world. This list should be being updated daily, they should start a way for suggesting sites or, if it exists, make it more visible.

    For the only external blacklisting organisation on Firefox, and as the provider for possibly the most widely used toolbar ever, they're not taking this seriously enough. But would any security company come in with a better free blacklist?

    --
    Any grammatical or spelling errors above are for comic effect, and do not signify imperfection in the writer.
    1. Re:Google's not keeping up by GigsVT · · Score: 4, Insightful

      They don't have to do this at all.

      Any way to suggest sites would be gamed and abused. There are thousands of people in the "search engine optimization" "industry" that are total sleaze.

      --
      I've had enough abrasive sigs. Kittens are cute and fuzzy.
    2. Re:Google's not keeping up by Tim+C · · Score: 2, Insightful

      That's simple to abuse. If there really is a human sat there reviewing submitted URLs, then you just DoS it, by flooding it with far more submissions than it's possible to review.

      If it's an automatic, "X hits and you're blacklisted" type system, then zombie PC networks will be submitting URLs and getting legitimate sites blacklisted - sure, you probably won't be able to do that to a large, well known site, but there are millions of sites that would be vulnerable.

      It's a nice idea, but I personally think that a world in which such a system would actually be practicable wouldn't need it in the first place. In ours, I just don't see it working; too easy to abuse, and too many people with an interest in abusing it (before we even get to the bored ne'er-do-wells)

    3. Re:Google's not keeping up by simstick · · Score: 2, Insightful

      I use the PhishTank plugin for Firefox. And when I have a minute I jump on and rate some submitted phishes. One thing I disagree on is if a site is offline already people vote it as a not phish. I say if they are trying they need to be rated bad to build a history.

      --
      The best way to ruin your hobby is to try to make a living at it. Waiting on the paperless office since 1997
  2. Re:Question do Sys Admins by GigsVT · · Score: 5, Insightful

    Yeah, because DNS is something that you should obviously trust a single company about!

    Who needs that old DNS system with the robust infrastructure, when we can have ads pushed on us for every domain we mistype and alongside our search results!

    Someone call Verisign and tell them to fire sitefinder back up, these guys need some competition!

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  3. Pollute the phishing sites by thewils · · Score: 5, Insightful

    Go there and put in false information. Make it harder for them to get valid data.

    --
    Once I was a four stone apology. Now I am two separate gorillas.
  4. Re:Question do Sys Admins by mr_Spook · · Score: 2, Insightful

    Sadly, OpenDNS will give you its own fake/crappy search page when you type something wrong. That alone was cause enough for me to stop using it.

  5. (a) Known for years and (b) not just Yahoo by Arrogant-Bastard · · Score: 4, Insightful

    A. This problem has been discussed in depth on various
    anti-spam mailing lists and newsgroups for many years.
    This long-standing problem has been steadfastly ignored
    by Yahoo, who went so far as to dismiss the key people
    on their own abuse staff when they tried to address it.

    As a consequence, it's now a better-than-even bet
    that any site hosted by Yahoo belongs to a spammer,
    phisher, spyware injector, child pornographer, scammer
    or other lowlife. My own meager list of Yahoo-hosted
    dropboxes for such stands at 26,831 this morning and
    those are just the ones that brought themselves to
    my attention, i.e. I'm passively noting them and not
    actively searching them out.

    As a result, Yahoo is one of the biggest spam-sending
    and spam-supporting operations on the entire Internet.
    (Oh, and Geocities is now completely infested. Rejecting
    all inbound mail [except anti-spam discussions] that contains
    a Geocities URL is a surprisingly effective tactic.)

    B. They're not alone. For instance, MSN BCentral should
    be renamed MSN SpamCentral -- it's just as bad. And Hotmail
    cheerfully hosts spammer dropboxes by the tens of thousands.

    There are others, but what makes these two particularly
    annoying is that they make a public show of being anti-spam
    by promoting snake-oil like SenderID and DomainKeys, both
    of which are worthless. (If it isn't obvious why, then think
    about the hundreds of millions of zombies -- hijacked Windows
    systems -- out there and consider that their new masters
    have possession of all email credentials belonging to their
    former owners -- from POP passwords to PGP keys. It is not
    possible to solve the forgery problem -- for any useful
    definition of "solve" -- without solving this problem first.
    Good luck. This same thing applies to SPF and variants, by
    the way, all of which are complete failures.)

    Another thing that distinguishes them is the absolutely
    irresponsible, totally clueless way in which abuse reports
    are handled. Most seem to disappear into black holes. The
    majority of the rest are returned with semi-literate denials
    that the abuse has any connection with their operation -- even
    when their own IP addresses are clearly the source. If you'd
    like to browse a huge number of examples of this, go to
    Usenet's news.admin.net-abuse.email and search for
    "Yahoo clueless" or "Hotmail clueless". Make coffee first.

    The bottom line is that both of these services are huge abuse
    magnets and have been for years, so I find it curious that
    yet another report of the same old thing is deemed noteworthy.

  6. Re:Good Experience with Paypal by HistoricPrizm · · Score: 3, Insightful
    Dun Malg said:

    Most banks require a minimum balance before they waive the monthly service fee.

    In my experience, it's just a matter of finding the right bank that has a relationship with someone you also have a relationship with. I get offers for free checking (no minimum balance requirements) through my alumni associations (undergrad and graduate), my wife's employer, my employer, even through the fact that my father-in-law is retired military.

    Dun Malg also said:

    This is one of the many ways they soak the poor.

    I don't really think that is a fair portrayal of the situation. Banks charge fees for accounts that don't keep high balances because they don't make money on them. Banks are not charitable organizations, they are in business to make money.
  7. Re:Good Experience with Paypal by Captain+Splendid · · Score: 1, Insightful

    Banks charge fees for accounts that don't keep high balances because they don't make money on them.

    Bullshit. Banks are (supposed) to be about aggregation. It shouldn't matter if you have 50 or 50 mil in your account, the bank is still using your money to lend out at higher rates than they pay you.

    --
    Linux, you magnificent bastard, I read the fucking manual!
  8. Linking to original site by aegl · · Score: 2, Insightful
    "The pages are generally exact replicas of the original web page and generally pull graphics (*.jpg, *.gif, etc.) from the legitimate web site."

    The owners of the original sites should regularly rename the real image files, and replace the old files with images that would help inform the potential victim that they were on a scam site.

    Next step is that the phishers no longer link to the image files, but copy them instead ... but this gives the real site owner another legal tool (copyright infringement) to shut down the phishing site plus a clear legal path to extract money from the phisher.
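
The hotlinking described in the comment above leaves a trace in the legitimate site's own access log: image requests whose Referer is a foreign page. The following is an added example, not part of the thread, showing how a site owner could list those pages; the log lines, host names (`bank.example` and others) and function names are constructed for illustration, and Combined Log Format is assumed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip ident user [time] "METHOD path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)
IMAGE_RE = re.compile(r'\.(?:jpe?g|gif|png)(?:\?|$)', re.IGNORECASE)

def is_own_host(host, own_domains):
    # Exact match or a true subdomain; "bank.example.evil.example" is NOT ours.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in own_domains)

def find_hotlinkers(lines, own_domains):
    """Map each foreign Referer host to {referring page: set of image paths pulled}."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not IMAGE_RE.search(m["path"]):
            continue
        ref = m["referer"]
        if ref in ("", "-"):
            continue  # no Referer: direct load or stripped header, not evidence
        try:
            host = urlsplit(ref).hostname
        except ValueError:
            continue  # malformed Referer value
        if host is None or is_own_host(host, own_domains):
            continue
        hits[host][ref].add(m["path"])
    return {h: dict(pages) for h, pages in hits.items()}

# Constructed sample log lines (documentation-range IPs, .example hosts).
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2007:10:00:01 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "https://www.bank.example/login" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2007:10:00:05 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "http://bank.example.login-verify.example/signin.html" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2007:10:00:06 +0000] "GET /img/secure.jpg HTTP/1.1" 200 911 "http://bank.example.login-verify.example/signin.html" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jan/2007:10:01:00 +0000] "GET /img/logo.gif HTTP/1.1" 200 2326 "-" "Mozilla/5.0"',
    '192.0.2.50 - - [10/Jan/2007:10:02:00 +0000] "GET /about.html HTTP/1.1" 200 5120 "http://search.example/?q=bank" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, pages in find_hotlinkers(SAMPLE, ["bank.example"]).items():
        print(host, pages)
```

Pages listed this way are candidates for review, not confirmed phishing: partners and news sites that embed a logo show up in the same report, and a page that copies the images instead of linking to them does not show up at all.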

  9. Re:Good Experience with Paypal by DerekLyons · · Score: 2, Insightful
    Am I the only one that has had a good experience with Paypal?

    No, you aren't. Like any service - from Slashdot to your local quick-e-mart, Paypal has unsatisfied users. Those unsatisfied with Paypal however are *extremely* vocal.