Original URL: http://www.theregister.co.uk/2009/03/02/phishing_hackedserver_survey/

Phishers automate attacks using 'Google hacking'

Why pay when you can pwn?

By John Leyden

Posted in Security, 2nd March 2009 10:00 GMT

Three in four phishing sites are hosted on compromised servers, according to a new survey.

A study of 2,486 fraudulent websites found that 76 per cent were housed on hacked webservers, typically pwned after hackers identified well-known vulnerabilities using search engine queries. Free web hosting for fraudulent websites was used in just 17.4 per cent of cases.

The paper, called Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing, by security researchers Tyler Moore and Richard Clayton, also found that a sizeable minority of compromised systems were serial victims of attack.

One in five (19 per cent) were hit again less than six months after a phishing-related hack attack. That's because legitimate owners might turf out fraudsters from their systems but they often fail to fix underlying vulnerabilities that let them in.

The study can be found here (PDF). More commentary on the study can be found in a posting by Richard Clayton on the Light the Blue Touchpaper Blog here. ®