Phishers automate attacks using 'Google hacking'
PrintWhy pay when you can pwn?
Posted in Software & Security, 2nd March 2009 10:00 GMT
Free whitepaper – What Exchange can't do - and Dell can
Three in four phishing sites are hosted on compromised servers, according to a new survey.
A study of 2,486 fraudulent websites found that 76 per cent were housed on hacked webservers, typically pwned after hackers identified well-known vulnerabilities using search engine queries. Free web hosting for fraudulent websites was used in just 17.4 per cent of cases.
The paper, called Evil Searching: Compromise and Recompromise of Internet Hosts for Phishing, by security researchers Tyler Moore and Richard Clayton, also found that a sizeable minority of compromised systems were serial victims of attack.
One in five (19 per cent) were hit again less than six months after a phishing-related hack attack. That's because legitimate owners might turf out fraudsters from their systems but they often fail to fix underlying vulnerabilities that let them in.
The study can be found here (PDF). More commentary on the study can be found in a posting by Richard Clayton on the Light the Blue Touchpaper Blog here. ®
Free whitepaper – Straight Talk with Dell: Sending out an SaaS
Analyst Keynote: The Register Agile Data Center Summit
What Exchange can't do - and Dell can
The business value of SIP VoIP and trunking
Seven ways to optimize VMware server virtualization
Sign up, sign up for The Register IT security newsletter
Microsoft's Windows 7 price gamble - and why it's flawed
Managing Desktop Software for fun and profit
Intel's flash new SSDs hit by bugs