A Tour of the Google Blacklist

WienerPizza writes "Michael Sutton takes us on a tour of the Google blacklist, a list of suspected phishing sites. He finds that eBay, PayPal and Bank of America combined account for 63% of the active phishing sites. Amusingly, he also reveals that Yahoo! has a nasty habit of hosting phishing sites that harvest — you guessed it — Yahoo! credentials!"

So...

[NightWulf]

That guy on eBay who told me to use my Bank of America account to send money to Paypal all through his link may not have been legit?

Re:So...

[The+Zon]

You know that guy too? Don't worry, I'm pretty sure he's legit. I just used his service to order some chemicals to clean the dye off of a suitcase full of money I'm splitting with an exiled doctor from Nigeria. Can you believe it? This doctor contacted me right out of the blue, and all I needed was a U.S. bank account and a sympathetic heart. And, except for the chemicals, this is all at no cost to me! I can't believe such a great proposition initially got filtered to my spam folder!

Re:But it's not a problem

[Jonnty]

Or define the type of scam you're trying to report. (Scroll down, it's in black, indented courier.)

This one made me cry a little inside

[Rude+Turnip]

Here is one of the last entries on the Google blacklist:

+http://zeta-os.com/astats/bankofamerica/......... ..

For those not in the know, Zeta-os.com is/was the successor developer to YellowTab, which was developing a new operating system based on the old BeOS code. Now, zeta-os.com (or at least a part of it) has been reduced to a phishing site. *sigh*

Re:This one made me cry a little inside

[jasonwc]

I just loaded http://zeta-os.com/astats/bankofamerica/ on Firefox 2.0.0.1 using Firefox's built-in phishing detector using Google to provide the blacklist ["Check by asking Google about each site I visit" option]. It loaded the site just fine, without any warning.

Re:This one made me cry a little inside

[Rude+Turnip]

That's because I truncated the full URL. You have to follow the link in the article to get the whole thing.

Oh, and thanks for modding my little emotional episode as funny, you bastards.

Google's not keeping up

[Jonnty]

Judging by the huge proportion of the blacklisted sites that are offline (and the tiny fraction that are actually phishing sites) it seems Google isn't taking this seriously enough. There is much, much more than 341 phishing sites in the world. This list should be being updated daily, they should start a way for suggesting sites or, if it exists, make it more visible.

For the only external blacklisting organisation on Firefox, and as the provider for possibly the most widely used toolbar ever, they're not taking this seriously enough. But would any security company come in with a better free blacklist?

Re:Question do Sys Admins

[GigsVT]

Yeah, because DNS is something that you should obviously trust a single company about!

Who need that old DNS system with the robust infrastructure, when we can have ads pushed on us for every domain we mistype and alongside our search results!

Someone call Verisign and tell them to fire sitefinder back up, these guys need some competition!

Here is a site that has a lot of IPs

[VGfort]

Banned IP Address - a lot of them are spammers or fake bots that will look around your website and fill your forms in the attempt to spam you or your forums/blog or whatever else you might have

Pollute the phishing sites

[thewils]

Go there and put in false information. Make it harder for them to get valid data.

Check out the whitelist

[tecker]

Either Google is really paranoid or they have yet to find a site to put on the whitelist that was linked to.

See for yourself what I mean Nothing there.