Feeds

Cybercrooks lurk in shadows of big-name websites

Phishermen redirect via Google Maps, AOL et al

Secure remote control for conventional and virtual desktops

A small team of security researchers has documented how many high-profile websites are unwittingly helping phishing fraudsters.

Phishing scams often use "open redirector" exploits on major sites to make their attack URL look more legitimate. The trick also makes it more likely that fraudulent emails that form the basis of phishing attacks will slip past spam filters. Typically, security flaws on exploited high-profile sites allow a phisher to provide a link which appears to be a legitimate URL, but actually redirects to a fraudulent site.

Previous Register stories have covered examples of the ruse practiced on websites including Barclays Bank (story here), eBay (here), and others.

To date, most of the information about the topic has been anecdotal. SiteTruth aims to shed light on the scope of the problem by collecting hard numbers as part a project that ultimately aims to provide a search engine that will allow clued-up surfers to check on the legitimacy of sites. SiteTruth's search service isn't limited to sites that have paid a fee. Nor is it selling "seals of approval".

Its findings are partly based on existing business records, as well as links with other anti-phishing organisations (such as PhishTank, a clearing house for reports about phishing sites), and its own research. It also takes submissions from webmasters, as explained here.

Even so, the site admits its findings aren't infallible and ought to serve only as a guideline. The safe search feature is currently in Alpha testing.

SiteTruth's research, based on the collection of information about exploited websites and updated every three hours, also reports on insecure practices that serve the interest of cybercrooks. SiteTruth breaks down the vulnerabilities it finds into five categories, as follows:

  • Open redirectors
  • Sites that allow user hosted content in ways exploitable for phishing (i.e. "photobucket.com", which will accept uploads of Flash files)
  • ISPs that provide DSL or cable connections for phishing sites
  • Unscrupulous commercial hosting services
  • Compromised sites exploited by phishers (Universities with high bandwidth connections and lax security are a favourite in this category)

Some of the items on the list cover broadly similar ground to that documented by Spamhaus and others. However, the open redirector run-down compiled by SiteTruth is a distinct list that makes for interesting reading.

SiteTruth has cross referenced the 10,000 sites listed in PhishTank with the 1.7 million sites in the Open Directory Project database to discover a list of 171 problem domains. Domains listed typically have a security vulnerability which is being exploited by phishing fraudsters.

URL redirection isn't the only category for listing in this blacklist (hosting or otherwise unwittingly helping phishing scams also counts). But the sites allowing URL redirection include many high-profile organisations that ought to know better, including Google Maps. It's easy to bounce off Google Maps to reach the register, for example.

AOL, Microsoft Live, the BBC, Yahoo!, and UK bank Alliance and Leicester have also been greylisted by SiteTruth over the last three weeks.

"Phishing sites come and go rapidly; this list may be out of date within hours," SiteTruth's John Nagle told El Reg. "Some sites are still in PhishTank because they had an active phish in the recent past and PhishTank hasn't purged the entries yet. But some major sites have been on the list for weeks to months.

"So some major websites are being used to lend credibility to phishing attacks. But the number of major sites involved isn't large. It's no longer an acceptable excuse to claim that 'everybody has that problem'. Only some have it, and they need to fix it." ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.